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RUNNING  FIREWALL,  so  you  can  share 
company  information  without  uninvited  guests. 


WHY  NOT  START  BUILDING  THE  DATA  CENTER 
OF  TOMORROW,  TODAY? 


The  new  Sun  Fire™  Blade  Platform  and  N1  technology  represent  a  fundamental  shift  in  how  data  centers 
are  built  and  managed.  Now  computing,  networking  and  storage  components  can  be  virtualized  and 
operated  as  a  single,  shift-on-the-fly  system. The  result:  a  far  more  efficient  computing  environment  with 
dramatically  reduced  cost  and  complexity. 

The  future  of  the  data  center  starts  here,  with  the  Nl-enabled  Sun  Fire  Blade  Platform. 

Based  on  open  standards,  the  new  Sun  Fire  Blade  Platform  is  the  only  platform  designed  to  integrate 
SPARC®/Solaris™  and  x86  Linux/Solaris  Blades,  as  well  as  special  function  blades,  into  a  single  blade  shelf. 
It  also  seamlessly  integrates  with  network  attached  storage,  like  the  new  Sun  StorEdge™3310  NAS.  Add  the 
N1  Provisioning  Server,  part  of  our  revolutionary  new  IT  architecture,  and  you  can  virtualize  your  blade 
computing  resources  and  quickly  respond  to  changes  in  demand,  or  change  services  on  demand. 


With  the  Sun  Fire  Blade  Platform  and  N1,  you’re  not  just  managing  cost  and  complexity.  You’re  driving  it 
out.  Bottom  line:  You're  starting  to  make  your  data  center  work  overtime,  instead  of  your  people. 


2003  Sun  Microsystems,  Inc.  All  rights  reserved.  Sun,  Sun  Microsystems,  the  Sun  logo,  Sun  Fire,  Solaris  and  Sun  StorEdge  are  trademarks  or  registered  trademarks  of  Sun 
M  ciosystems,  Inc  in  the  United  States  and  other  countries.  All  SPARC  trademarks  are  used  under  license  and  are  trademarks  or  registered  trademarks  of  SPARC  International, 
Inc.  in  the  United  States  and  other  countries.  Products  bearing  SPARC  trademarks  are  based  on  an  architecture  developed  by  Sun  Microsystems,  Inc. 


SUN’S  NEW  N1  PROVISIONING  SERVER 

software  enables  you  to  dynamically 
reallocate  resources,  so  you  can  deploy 
new  services  as  needed. 


SSL  PROXY  BLADE,  soon  to  be 
released,  letsTim  Malone  access 
sales  figures,  but  not  inventory. 


LOAD  BALANCING  BLADES,  the  next 

innovation:  so  there’s  no  holdup  in  getting 
your  COO  the  latest  supply  chain  reports. 


RUNNING  SUN'“  ONE  WEB  SERVER  by  day  and 

accounts  payable  by  night,  so  you  can  close 
the  quarter  without  cutting  off  customers. 


+Sun 

microsystems 
We  make  the  net  work. 


LEARN  MORE  ABOUT  THE  NEW  SUN  FIRE  BLADE  PLATFORM 
AND  SEE  SUN’S  ENTIRE  LINE  OF  COMPETITIVELY  PRICED  SERVERS. 

Visit  sun.com/whynot 


Get  the  same  top-quality  memory  the  server 

manufacturers  use. 


"As  the  official  factory  outlet  for  Micron  Technology's  RAM-manufacturing  facilities, 

(Crucial)  offers  near-wholesale  pricing  for  a  broad  array  of  top-quality  memory  modules. . . 
you  have  to  wonder  why  anyone  would  buy  memory  anywhere  else. " 

—  Computer  Shopper  magazine 


At  low,  factory-direct  prices.  It's  Crucial. 

When  it  comes  to  server  memory  upgrades,  the  issue  on  everyone's  mind  is  quality.  After  all, 
you're  upgrading  to  improve  productivity.  The  last  things  you  need  are  memory  failures  and 
server  downtime.  When  you  buy  from  Crucial,  you're  buying  directly  from  the  memory 
manufacturer,  Micron — just  like  the  server  manufacturers  do.  It  only  costs  less  because  you 
aren't  paying  the  middleman  mark-up  fees.  So  you  cut  costs  without  sacrificing  performance 
Visit  The  Memory  Experts™  today,  and  save  up  to  60%  on  upgrades  for  your  Intel-based 
servers.  And  discover  why  Crucial  means  business. 

•  Guaranteed  to  work  in  your  server  or  your  money  back  •  Same-day  shipping  c 

•  Time-saving  Memory  Selector™  for  easy  upgrading  •  Free  shipping  (contiguous  US) 

•  Free  technical  support  from  the  best  in  the  industry 


512MB  PCI  33  REGISTERED  SDRAM 


$104 


99 


for  today's  most  popular  systems 


>n  most  orders 


FREE  SHIPPING* 


BizRate.com 


Order  online: 

www.crucia  I  .com/servers 


or  call  toll-free  1-888-363-5183 


crucial 

TECHNOLOGY 

A  Division  of  Micron 

The  Memory  Experts'” 


•  See  Web  site  for  details. 

r  t  >s  may  vary  according  to  specific  system  requirements.  The  price  listed  was  valid  on  2/3/03  when  we  sent  this  ad  to  the  publisher;  however,  prices  may  have  dramatically  increased  or  decreased  since  then.  Visit  the  FAQ  section  of  Crucial.com 

to  .earn  more  about  why  memory  prices  go  up  and  down. 

c  2003  Micron  Technology.  Inc  All  rights  reserved.  Micron  Technology.  Inc.,  is  an  authorized  licensee  of  the  CompactFlash™  and  MultiMediaCard™  trademarks.  The  Memory  Experts  is  a  service  mark  and  Crucial  Technology. 

.•  Cru-  >ol  logo  and  Micron  are  registered  trademarks  of  Micron  Technology.  Inc.  All  other  brands  and  names  used  herein  are  the  property  of  their  respective  owners.  Crucial  Technology  is  a  division  of  Micron  Semiconductor 
1  -jucti,  inr .  which  is  a  wholly  owned  subsidiary  of  Micron  Technology,  Inc.  Phone  208-363-5500.  Fax  208-363-5501.  E-mail  crucial. sales©micron.com.  Crucial  Technology  is  not  responsible  for  omissions  or  errors  in  typography  or 

photography. 
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Weblog:  Live  from  Demo 

Our  editors  give  you  the  inside  scoop  on  the  products  making  their  debut 
at  Demo  this  week. 

DocFinder:  4338 
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Follow  Aquent  CIO  Larry  Bolick  as  he  chronicles  the  good,  bad  and  ugly  of 
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Get  the  latest  on  wireless  technology 

Wireless  LAN  technology  is  one  of  the  hottest  IT  topics  today. 

Join  Tom  Henderson  for  Network  World's  Technology  Tour,  "Wireless 
LANs:  Building  and  Managing  a  Well-Integrated  802.11  Network,"  and 
discover  how  you  can  seamlessly  meld  wireless  technology  into  your 
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Columnist  James  Gaskin  introduces  remote  and  home-based 
workers  to  a  host  of  free  security  and  antispam  products. 
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Structured  wiring  and  marble  countertops 

Building  a  new  house?  Mike  Wolf  tells  you  why  you  should 

include  a  built-in  network.  DocFinder:  4342 
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makes  wireless  network 
imaging  easy 


One  company  enables  you  to  add  printers  and  MFP  devices 
to  your  network  without  using  cables.  Only  Kyocera  Mita 
offers  an  embedded  wireless  LAN  solution,  which  delivers 
superior  performance  as  if  it  were  wired.  Now  you*  can  add 
MFPs  in  places  that  were  virtually  inaccessible,  or  move 
printers  from  office  to  office  as  workload  demands. 

Flexible  document  solutions  to  meet  today’s  needs  and 
tomorrow’s  challenges.  In  an  increasingly  wireless  world, 
one  company  is  leading  the  way.  Kyocera  Mita. 

To  learn  more  about  our  complete  end-to-end 
wireless  solution,  visit  www.kyoceramita.com 
or  call  1-800-222-6482. 


total  document  solutions 


KYOCERA  MITA  AMERICA,  INC. 
www.kyoceramita.com 
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Show  spotlight  to  shine  on  IP  voice 

Alcatel,  Avaya  and  Siemens  among  companies  airing  new  products. 


■  BY  PHIL  HOCHMUTH 

WASHINGTON,  D.C.  —  This 
weeks  VoiceCon  show  promises 
to  have  convergence-hungry 
attendees  anxious  to  dig  into  a 
variety  of  IP  telephony  fare  at  a 
time  when  budget  woes  have 
lesser  priorities  stuck  on  the 
back  burner. 

Companies  such  as  Alcatel, 
Avaya,  Mitel  and  Siemens  will 
offer  hardware  and  software 
aimed  at  letting  users  combine 
voice  and  data  onto  one  net¬ 
work  and  take  full  advantage  of 
converged  applications.  How¬ 
ever,  these  vendors  also  will 
need  to  address  nagging  user 


concerns  about  IP  telephony’s 
sturdiness  and  ability  to  reduce 
IT  costs. 

VoiceCon  is  one  of  the  few  IT 
trade  shows  holding  its  own  in 
this  difficult  economy  Three  thou¬ 
sand  are  expected  to  attend, 
which  would  be  an  increase  of 
300  over  last  year.  The  number  of 
exhibitors  is  up  to  54  from  44  at 
last  years  show. 

As  will  be  evidenced  at  the 
show,  IP  voice  vendors  are  mov¬ 
ing  toward  opening  up  and  mod¬ 
ularizing  various  parts  of  corpo¬ 
rate  telephony  that  are  consoli¬ 
dated  into  one  or  two  boxes  in 
the  proprietary  PBX  world. 
Equipment  makers  say  this  could 


help  make  corporate  phone  and 
messaging  systems  less  expensive 
to  buy  and  maintain. 

One  analyst  says  the  move  to 
modularity  is  a  long  time  com¬ 
ing  for  telephony  gear. 

“Overall,  the  telecom  industry 
has  been  about  25  years  behind 
the  PC  industry”  says  Brian 
Strachman,  an  analyst  with 
Instat/MDR.  Whereas  many  data 
networks  have  evolved  into  intel¬ 
ligent  PCs  at  the  endpoint 
attached  to  Intel-based  servers, 
telecom  products  have  re¬ 
mained  “mainframe-like,”  Strach¬ 
man  says,  with  centralized  pro¬ 
cessing  and  “dumb”  phone  termi¬ 
nals  as  endpoints.  Migration 


IP  PBX  boom 

IDC  estimates  the 
number  of  installed  IP 
PBXs  will  jump  from  2.6 
million  in  2002  to  34.6 
million  in  2007. 


toward  IP-based  telephony,  with 
voice  as  an  application  running 
on  standard  PC  servers  and  over 
an  IP  network,  could  help  busi¬ 
nesses  lower  the  price  of  voice 
system  hardware  and  mainte¬ 
nance,  he  adds. 

Alcatel  is  introducing  its  Omni- 


Security  tools  headline  Demo  show 

Vendors  launch  intrusion-prevention,  key-distribution  and  vulnerability-assessment  products. 


DEMO 


Show  blogs 

Goto  our  Fusion  blog,  where 
Features  Editor  Neal 
Weinberg  and  Seminars 
and  Events  Editor  Sandra 
Gittlen  will  keep  you  updated 
on  the  coolest  new  products 
being  launched  at  Demo. 

DocFinder:  4348 


www.nwfusion 


More  than  60  products  and  ser¬ 
vices  will  be  launched  this  week 
at  Demo,  a  conference  spon¬ 
sored  by  IDG  Executive  Forums, 
a  division  of  Network  World. 

With  security  uppermost  in 
everyone's  mind  these  days,  we 
selected  three  of  the  most  inter¬ 
esting  security  products  slated  to 
debut  at  the  show  and  asked 
Network  World  Global  Test 
Alliance  partner  Mandy  Andress 
to  evaluate  these  products  from 
BBX,  MagiQ  and  SigmaSecurity. 

Product  OS  Network 
Vendor  BBX  Technologies 
Description:  Intrusion  prevention  for  Windows 
systems 

A  second-generation  intrusion-prevention 
technology  that  acts  as  an  immune  system 
for  Windows-based  machines,  OS  Network 
monitors  kernel  operations  and  can  identify 
unauthorized  executables  or  authorized 
executables  violating  security  policy. 

If  it  finds  an  irregularity,  OS  Network  takes 
action  —  deleting  the  unauthorized  file  and 
restoring  any  system  files  or  registry  entries 
that  might  have  been  corrupted  or  modified. 

Several  other  intrusion-prevention  products 
are  on  the  market,  including  Entercept  and 


Okena  (recently  purchased  by  Cisco).  OS 
Network  differs  from  these  products  by  focus¬ 
ing  solely  on  the  executable.  Okena  focuses 
on  behavior  profiling  and  Entercept  focuses 
on  specific  attacks,  such  as  buffer  overflows. 
OS  Network  does  not  prevent  the  attack.  It  pre¬ 
vents  the  executable  from  causing  any  dam¬ 
age  to  the  system.  Additionally  OS  Network  is 
designed  to  work  on  servers,  desktops  and 
laptops.  Another  version  of  the  product,  OS 
Network  Extend  Shield,  is  available  to  protect 
the  content  of  static  Web  sites. 

After  installation,  OS  Network  takes  a  base¬ 
line  of  the  system  and  uses  that  information  to 
monitor  for  new  and  unauthorized  executa¬ 
bles.  Centralized  management  is  available  for 


administration,  logging  and 
reporting.  If  administrators 
need  to  install  new  software 
on  protected  systems,  they 
“lower  the  shield,”  install  the 
necessary  applications,  then 
raise  the  shield  to  re-enable 
protection. 

OS  Network  does  not 
require  signatures  or  periodic 
updates  to  function  properly 
Once  installed  and  the  policy 
set,  it  can  continue  securing 
systems  indefinitely  This  low¬ 
ers  administration  costs  and 
provides  more  robust  protection  than  signa¬ 
ture-based  intrusion-detection  products. 

OS  Network  can  best  be  viewed  as  the  last 
layer  in  an  organization’s  comprehensive 
defense-in-depth  strategy  complementing  fire¬ 
walls,  network  intrusion-detection  systems 
and  antivirus  products  already  installed  in  the 
organization.  Intrusion  prevention  has  been 
the  buzzword  in  the  security  industry  the  past 
few  years,  and  the  technology  has  not  yet 
taken  off,  mainly  because  of  end-user  frustra¬ 
tion  with  too  many  false  positives.  Employees 
cannot  do  their  jobs  if  their  computers  are 
constantly  stopping  actions  they  feel  are  mali¬ 
cious  or  against  policy 

See  Demo,  page  18 


PCX  Enterprise,  an  upgrade  of  its 
OmniPCX  4400  phone  switch, 
with  native  support  for  Session 
Initiation  Protocol  (SIP)  and 
H.323.The  box  is  an  Intel  server 
running  Linux, as  opposed  to  the 
proprietary  hardware  and  Unix 
operating  system  used  on  the 
4400  model.  A  digital  card  for 
the  device  will  let  Alcatel’s  cir¬ 
cuit-switched  phones  be  used 
on  the  system  along  with  Alca¬ 
tel’s  existing  H.323-based  IP 
phones. 

Alcatel  is  not  releasing  its  own 
SIP-based  phone,  the  company 
says,  but  the  OmniPCX  Enter¬ 
prise  will  work  with  other  ven¬ 
dors’  SIP-based  phones,  and  is 
certified  to  operate  with  Pingtel’s 
Expressa  SIP  phone  and  Win¬ 
dows  Messenger,  the  SIP-based 
voice,  video  and  instant-messag¬ 
ing  client  in  Microsoft’s  Windows 
XP  operating  system.  Alcatel  says 
the  product’s  nonproprietary 
hardware  and  software  and  its 
ability  to  be  deployed  on  differ¬ 
ent  types  of  SIP  phones  could 
help  businesses  lower  costs. 

Also,  Avaya  is  introducing  two 
messaging  server  products  that 
could  let  customers  deploy  mes¬ 
saging  anywhere  throughout  a 
company  while  supporting  inte¬ 
grated  voice/data  applications. 
Avaya  is  migrating  its  Aria,  Audix 
and  Serenade  voice  mail  plat¬ 
forms  to  its  new  S3400  Messaging 
Server,  which  is  built  on  Intel 
hardware  with  support  for 
Windows  2000  or  Linux  at  the 
operating  system  level.The  S3400 
supports  Multipurpose  Internet 
Mail  Extensions  and  Simple  Mail 
Transfer  Protocol,  which  let  voice 
mail  messaging  integrate  with 
e-mail  clients  more  easily. 
Lightweight  Directory  Access 
See  VoiceCon.  page  16 
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■  flu  Good The  Bad  ’h  Ugly 

<g>  He  should  know.  Moore's  Law  has  at  least  another  10  years 
of  life  left  in  it.  Says  who?  Gordon  Moore,  Intel  co-founder  and  author  of 
the  axiom  that  holds  that  the  number  of  transistors  on  a  chip  doubles  every 
couple  of  years.  "Another  decade  is  probably  straightforward,"  Moore  said 
at  a  conference  last  week.  "There  is  certainly  no  end  to  creativity." 


Powell  puts  brakes  on  UNE-P  vote 

■  Federal  Communications  Commission  Chairman  Michael  Powell 
postponed  the  commissions  vote  on  unbundled  network  element- 
platform  changes  scheduled  for  last  week  after  a  Republican  com¬ 
missioner  submitted  a  rival  plan  that  won  the  support  of  the  FCCs 
two  Democratic  commissioners,  according  to  several  media 
reports  citing  anonymous  insider  sources.  Powell  had  hoped  to 
pass  a  plan  that  gradually  would  phase  out  UNE-Ps.The  rival  plan 
would  let  individual  states  decide  whether  to  keep  UNE-P  The  vote 
is  scheduled  for  this  week. 

Final  HIPAA  standards  published 

■  The  Health  and  Human  Services  Administration  announced  last  week  that  the  final 
security  standards  for  the  Health  Insurance  Portability  and  Accountability  Act  of  1996 
have  been  published.The  security  portion  deals  with  the  confidential, secure  storage  and 
transmission  of  patient  health  information.  It  works  in  concert  with  a  privacy  portion,  for 
which  IT  organizations  have  to  establish  procedures  by  April  14.  Most  healthcare  organi¬ 
zations  will  have  until  April  21,2005  to  fully  comply. The  final  standards  are  available  at 
www.nwfusion.com,  DocFinder:  4349.  See  related  story  page  20. 

NIST  issues  border  ID  recommendations 

■  The  National  Institute  of  Standards  and  Technology  has  recommended  using  finger¬ 
print  and  facial  recognition  technology  for  identification  purposes  at  the  nations  borders. 
A  NIST  study, mandated  under  the  Patriot  Act  and  the  Enhanced  Border  Security  Act, states 
that  at  least  two  fingerprints  should  be  used  to  positively  identify  visa  applicants.  NIST  also 
recommends  a  dual  system  of  face  and  fingerprints  to  verify  the  identity  of  visa  holders 
at  points  of  entry  into  the  U.S. 


Hacker  target  Notorious  hacker  Kevin  Mitnick’s  company, 
Defensive  Thinking,  last  week  acknowledged  that  its  Web 
site  has  been  hacked.  "I  suppose  if  you  were  a 
hacker  and  wanted  to  prove  your  skills, 
this  is  the  place  to  go.  It  reminds  me 
of  the  movie  ‘The  Gunflghter,'"  said 
Mitnick,  whose  federal  probation 
on  hacking  charges  ended 
recently.  The  whole  thing  smacks 
of  a  marketing  stunt  to  us. 


Goodbye  Dell, 

hello  cell?  Actor  Benjamin 
Curtis,  the  "Dude,  yer  gettin'  a  Dell" 
guy  of  advertising  fame  (or  infamy), 
was  arrested  last  week  in  New  York 
for  allegedly  possessing  marijuana. 
That's  a  misdemeanor  charge  that 
carries  a  prison  sentence  of  up  to  three 
months  in  the  event  of  a  conviction.  No 
word  yet  on  whether  the  situation  will 
result  in  Curtis'  relationship 
with  Dell  going  up  in  smoke, 
but  the  company  has  already 
largely  phased  out  its  Dude 
ads  in  favor  of  ads  featuring 
a  gang  of  eager  interns.  > 


IAN  GAIDRY 


Sun  memo  shows  Java  in  bad  light . . . 

■  Senior  engineers  at  Sun  had  serious  doubts  about  using  Java  to  build  commercial 
applications  for  the  company’s  Solaris  operating  system,  according  to  a  memo  writ¬ 
ten  by  a  Sun  engineer  that  recently  was  leaked  onto  the  Internet.“While  the  Java  lan¬ 
guage  provides  many  advantages  over  C  and  C++,  its  implementation  on  Solaris  pre¬ 
sents  barriers  to  the  delivery  of  reliable  applications. These  barriers  prevent  general 
acceptance  of  Java  for  production  software  within  Sun,”  according  to  the  memo. The 
undated  memo  appears  as  something  of  an  embarrassment  for  Sun,  suggesting  that 
the  company  had  trouble  implementing  Java,  which  it  invented,  on  its  operating  sys¬ 
tem. The  company  downplayed  the  significance  of  the  memo,  however,  calling  it  “a  2- 
year-old  document,  which  refers  to  an  old  implementation  of  Java  technology.  It 
doesn’t  represent  Sun’s  position  or  the  reality  of  our  implementation  today  The  issues 
mentioned  in  the  memo  are  irrelevant  at  this  point,”  the  company  said  in  a  statement. 

. . .  while  Microsoft  counters  Java  ruling 

Microsoft  last  week  continued  its  quest  to  turn  the  tide  in  an  antitrust  case  brought 
'  it  by  rival  Sun  by  asking  the  U.S.  Court  of  Appeals  for  the  Fourth  Circuit  to  set  aside  ! 


Biblical  Web  services 

A  Gret  ■  iox  church  has  a  public  Web  service  that  lets  you  get  a  verse  of  the 

Bible  b  in  a  SOAP  message  with  the  verse's  number. 

Read  more  at  u  ww.nwrusion.com,  DocFinder:  4345. 


an  injunction  ordering  Microsoft  to  offer  Sun’s  Java  with  Windows  XP  and  some  versions  of 
Internet  Explorer.  The  initial  injunction  was  granted  in  December,  but  delayed  last  month 
by  the  appeals  court  for  further  review.  Microsoft  argues  that  Sun  has  not  shown  it  suffered 
immediate  and  irreparable  harm,  which  is  required  to  enter  a  preliminary  injunction. 

Sprint  saga  continues 

■  As  Sprint  and  BellSouth  work  with  a  court-ordered  arbitrator  to  determine  whether 
BellSouth  Executive  Vice  President  Gary  Forsee  can  become  Sprint’s  new  chief.  Sprint’s 
current  top  executives  remain  on  hold  (see  related  story,  page  28).  Sprint’s  board  of 
directors  reportedly  is  pushing  Chairman  and  CEO  William  Esrey  and  President  and 
COO  Ronald  LeMay  out  the  door  because  of  questionable  practices  regarding  their  per¬ 
sonal  taxes.  In  a  new  twist  last  week,  Sprint  accounting  firm  Ernst  &  Young  is  saying  that 
the  stock  options  involved  in  the  tax  shelters  it  advised  for  Esrey  and  LeMay  should  be 
taxed  after  all. 

Bush  in  cyberspace 

■  On  Friday,  the  White  House  released  the  “National  Strategy  to  Protect  Cyberspace,” 
which  pulls  back  from  some  of  the  more  controversial  statements  of  the  earlier 
draft, particularly  regarding  ISPs  or  universities  failing  to  do  as  much  as  they  might  to 
help  secure  networks.But  the  final  report  does  touch  on  some  newer  areas  of  interest 
to  the  White  House,  which  wants  to  see  federal  agencies  pull  together  under  the  newly- 
formed  Department  of  Homeland  Security  to  have  a  24-7  cyberspace  response  center. 
The  report  advocates  having  the  General  Service  Administration  and  other  agencies  set 
up  “test  beds"  to  learn  how  to  patch  computer  systems  quickly.  The  report  also  urges 
agencies  to  practice  "cyberspace  preparedness”  exercises  as  the  Defense  Department 
now  does. 


Building  carrier  class  enterprise  networks 


Availability  in  enterprise  networks  has  improved  in  recent 
years  -  but  it's  come  at  a  price,  and  still  doesn't  approach  what 
you  expect  from  carrier  networks. 

Is  your  data  network  less  important  than  your  voice  network? 
In  many  cases,  it's  even  more  critical. 

Building  a  carrier  class  enterprise  network  means 
continuous  network  operation  from  the  edge  to  the 
core,  so  that  network  failures  have  zero  impact  to 
the  end  user  and  mission-critical  applications  are 
always  accessible. 


Alcatel's  next-generation  enterprise  products  have  integrated 
technologies  that  ensure  carrier  class  availability  and  high 
performance  to  the  enterprise,  without  a  cost  premium. 

Alcatel  has  a  history  of  innovation  and  proven 
leadership,  and  has  been  building  carrier 
networks  around  the  world  for  over  half  a  century. 

Carrier  class  is  a  distinction  you  have  to  earn. 
We've  earned  it  and  now  deliver  it  to  your 
enterprise  with  the  next  generation 
OmniSwitch  family. 


Alcatel  redefines  availability 
for  the  enterprise 


www.alcatel.com/  enterprise 

(800)  995-2612 
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!BM  bolsters  blade  server  lineup 


■  BY  ANN  BEDNARZ 

ARMONK.N.Y —  IBM  is  beefing 
up  capacity  and  adding  ad¬ 
vanced  network  features  to  its 
blade  server  family,  which  the 
computer  giant  envisions  could 
change  the  way  companies 
assemble,  provision  and  manage 
their  data  center  resources. 

On  tap  this  year  from  IBM  is  an 
embedded  Layer  4/Layer  7  LAN 
switch  module;  four-way  blades 
based  on  Intel  processors  and 
IBM's  own  Power  technology;  and 
faster  Intel  chips  for  IBM’s  existing 
two-way  blade  products. 

Blade  servers  pack  more  com¬ 
puting  power  into  smaller  con¬ 
tainers  than  their  traditional  rack¬ 
mounted  server  brethren,  letting 
companies  save  precious  data 
center  space.  They  share  re¬ 
sources  such  as  power  supplies 


and  cooling  fans, and  consolidate 
server  cabling  requirements  for 
components  such  as  a  mouse, 
keyboard  and  printer. 

Blade  servers  also  enable  multi¬ 
server  management  capabilities, 
which  is  something  customers 
have  sought  for  years,  says  David 
Freund,  an  analyst  at  Illuminata. 
(See  related  story,  page  23.) 

RLX  Technologies  and  Egen- 
era  were  the  first  to  market 
blade  servers,  followed  by  the 
major  server  players  HR  Dell, 
IBM  and  Sun. 

IBM,  which  began  shipping 
blade  servers  in  December, 
expects  2003  will  be  the  year  of 
the  blade  server,  says  Jeff  Benck, 
director  of  IBM’s  eServer  line. 
Already  IBM  has  sold  5,000 
blades,  Benck  says.  According  to 
The  Yankee  Group,  the  worldwide 
market  for  blade  servers  will 


explode  from  $95  million  in  2002 
to  $3.78  billion  by  2006. 

IBM’s  current  eServer  Blade- 
Center  chassis  can  accommo¬ 
date  up  to  14  two-way  Intel  Xeon 
processor-based  blades  in  a  7U- 
high  enclosure  and  features  an 
integrated  Ethernet  LAN  switch. 
The  chassis  also  includes  a  2G 
bit/sec  Fibre  Channel  switch  and 
offers  optional  Fibre  Channel 
connections  to  external  storage- 
area  networks  (SAN). The  chassis 
is  designed  to  accommodate 
future  InfiniBand  connections, 
IBM  says. 

Big  Blue  planned  ahead  when 
designing  its  chassis,  Freund  says. 
“IBM  overengineered  Blade- 
Center  and  gave  it  incredibly 
beefy  power  supplies  and  airflow 
characteristics  that  were  just  mas¬ 
sive  overkill  for  the  servers  they 
were  first  shipping.  But  what  they 


Net  App  embraces  iSCSI 


ISCSI  in  action 

Network  Appliance’s  support  for  iSCSI  will  let  companies 
transport  SCSI  data  over  existing  Ethernet  LANs. 

l  An  end  user  makes  a  file  2  The  server,  outfitted  with  an  Intel  Pro/IOOOT  IP  Storage 
request  to  a  server.  Adapter,  routes  the  request  to  a  Network  Appliance  file  server. 


End  user 


Request 


Gigabit  Ethernet  backbone 


1 


Server  with 
Intel 

Pro/IOOOT 
IP  Storage 
Adapter 


3  The  file  server,  with  Network  Request  file 


Appliance  iSCSI  software 
loaded,  retrieves  the  file  and 
delivers  it  to  the  user  over 
Ethernet  via  iSCSI  protocol. 


via  iSCSI 


Request 


Network  Appliance  file 
server  with  iSCSI 


■  BY  DENI  CONNOR 

SUNNYVALE,  CALIF  —  Net¬ 
work  Appliance  didn’t  waste  any 
time  last  week,  announcing  sup¬ 
port  for  iSCSI  on  two  existing 
arrays/file  servers  just  as  the  pro¬ 
tocol  was  becoming  an  Internet 
Engineering  Task  Force  pro¬ 
posed  standard. 

The  iSCSI  specification,  which 
was  given  the  go-ahead  by  the 
IETF’s  governing  body  lets  SCSI 
data  be  transported  across  IP  net¬ 
works,  such  as  Ethernet.  Prop¬ 
onents  say  iSCSI  promises  storage 
networks  that  are  less  expensive 
and  more  flexible  than  Fibre 
Channel-based  storage  networks. 

Network  Appliance,  in  addition 
to  IBM,  is  among  the  first  major 
storage  suppliers  to  adopt  iSCSI  in 
an  array  or  file  server.  Other  com- 
panies.such  as  Nishan  Systems, support  the  technol¬ 
ogy  in  storage  routers. 

“Network  Appliance  is  enabling  a  more  flexible 
approach  for  customers  that  want  to  use  IP  for  stor¬ 
age"  says  Jamie  Gruener,  a  senior  analyst  with  The 
Y.uikee  Group.“Having  the  target  environment  [the 
•  may  file  sender]  ready, should  go  a  long  way  toward 
driving  iSCSI  adoption." 

N*  ’  M»rk  Appliance’s  iSCSI  support  entails  free  soft- 
for  its  FAS900  and  F800  series  arrays/file 
servers,  and  a  $700  Intel  Pro/IOOOT  IP  storage 
adapter  it '  reside  in  a  host  server. 

One  usi  ays  he  will  test  iSCSI,  which  can  handle 
block-level  t  .  as  a  complement  to  other  protocols 
such  as  Network  File  System  (NFS). 

“We  have  some  information  that  can’t  run  over 


NFS,” says  Joe  Bishop,  database  systems  engineer  for 
Titan  Averstar,  working  out  of  the  Jet  Propulsion 
Laboratory  in  Pasadena,  Calif. “For  users  who  need 
SCSI  for  their  low-level  Solaris  data,  we’re  looking  at 
iSCSI  to  get  the  data  to  our  Net  App  filer!’ 

In  other  Network  Appliance  news,  the  company 
says  it  has  doubled  the  capacity  of  its  NearStore 
R150  array  to  24  terabytes.The  array,  which  uses  inex¬ 
pensive  Advanced  Technology  Attachment  drives,  is 
primarily  for  storing  images  that  don’t  change  over 
time  or  as  a  repository  for  data  that  has  been  backed 
up.  The  array,  which  starts  at  $250,000  for  the  24- 
terabyte  edition,  also  will  now  serve  as  a  back-up 
appliance  for  storage  arrays  from  other  vendors, 
including  EMC,  HP  and  Hitachi. 

Network  Appliance:  www.networkappliance.com 


Blade  conditions 

IBM  is  off  to  a  quick  start  selling  blade  servers,  but 
interoperability  challenges  remain. 


Strengths 


•  Consistent  management 
software  across  multiple  IBM 
server  products. 

•  Existing  chassis  can  handle 
excess  heat  generated  by  future 
four-way  blades. 

•  Broad  operating  system  support. 


Challenges 


•  Lacks  support  for  third-party 
storage  arrays. 

•  Lacks  management  capa¬ 
bilities  for  third-party  blade 
products. 


had  in  mind  was  to  come  out 
with  even  more  powerful  things,” 
Freund  says. 

Later  this  year,  IBM  plans  to  un¬ 
veil  a  third-party-built  Layer  4/ 
Layer  7  switch  module.  IBM  has 
been  working  with  switch  ven¬ 
dors  such  as  Nortel  and  Cisco  to 
create  a  module  with  more  ad¬ 
vanced  network  capabilities 
than  those  in  its  current  LAN 
switch  module,  which  is  a  basic 
Layer  2  switch  for  handling  con¬ 
nectivity  of  the  14-server  chassis, 
Benck  says. 

“We  recognize  that  while  we 
have  the  server  expertise,  when 
it  comes  to  networking  and 
some  of  the  software  solutions, 
we  need  partners  to  deliver  a 
complete  set,”  he  says.“Layer  4  to 
Layer  7  is  one  of  the  areas  that 
we’re  very  focused  on.  It’s 
absolutely  on  our  road  map,  and 
you’ll  see  it  this  year.” 

Higher-layer  switch  functions 
mean  users  could  potentially  use 
the  BladeCenter  for  network  traf¬ 
fic  routing  and  server  load  bal¬ 
ancing  and  resource  allocation, 
eliminating  the  need  for  dedi¬ 
cated  devices,  analysts  say. 

IBM  also  is  planning  a  perfor¬ 
mance  lift  for  its  two-way  blades. 
Over  the  next  few  months,  IBM 
will  boost  processing  power  in  its 
BladeCenter  HS20  product  from 
2.4-GHz  Intel  Xeon  processors  to 
2.6-GHz  and  2.8-GHz  processors. 

Later  in  the  year,  IBM  plans  to 
roll  out  a  four-processor  Intel- 
based  blade,  and  another  based 
on  IBM’s  Power  processor  tech¬ 
nology,  which  runs  IBM’s  AlX-fla- 
vor  Unix  systems.  Users  will  be 
able  to  insert  the  higher-perfor¬ 
mance  four-processor  blades, 
which  can  support  64-bit  applica¬ 
tions,  into  their  existing  chassis, 
Benck  says. 

The  four-way  blades  will  allow 
for  broader  operating  system  sup¬ 
port.  IBM’s  blades  today  support 


32-bit  Microsoft  Windows  2000 
Server  and  Advanced  Server,  Red 
Hat  Linux,  SuSE  Linux  and  Novell 
NetWare  operating  systems.“As  we 
move  to  Power  processing  tech¬ 
nology  we  will  be  able  to  support 
AIX  as  well,”  Benck  says. 

Four-way  blades  are  geared  for 
workload-intensive  applications, 
such  as  messaging,  database  and 
ERP  applications. To  the  Genome 
Sequencing  Center  (GSC)  at 
Washington  University  in  St. 
Louis,  IBM’s  four-way  technology 
is  promising.  “Anything  that  in¬ 
creases  density  we’re  interested 
in,”  says  Kelly  Carpenter,  IT  man¬ 
ager  for  GSC,  which  runs  com¬ 
pute-intense  bioinformatics  and 
DNA-sequencing  applications. 

GSC  started  looking  into  blade 
servers  to  increase  its  compute- 
power  per  square  foot,  Carpenter 
says.  It  bought  a  75-blade  Blade- 
Center  system,  which  is  slated  to 
go  into  production  the  first  week 
of  March.  Before  the  BladeCenter 
buy,  “we  hadn’t  particularly  been 
a  big  IBM  site,’lCarpenter  says. 

But  while  the  other  blade  serv¬ 
er  vendors  were  working  with 
Pentium  3  blades,  IBM  was  one 
of  the  first  to  offer  a  Rsntium  4 
Xeon  blade,  he  says.  That 
clinched  the  deal. 

IBM  isn’t  the  only  vendor  target¬ 
ing  storage  connectivity  and  hefti¬ 
er  processing.  HP  in  January 
announced  a  four-processor  serv¬ 
er  blade,  the  HP  ProLiant  BL40p, 
which  enables  Fibre  Channel 
SAN  and  network-attached  stor¬ 
age  connections.  It  will  begin 
shipping  next  month,  HP  says. 
HP’s  existing  dual-processor  Pro¬ 
Liant  BL20p  blade  server  also  fea¬ 
tures  SAN  connectivity. 

For  its  part,  Sun  last  week 
announced  a  64-bit  blade  server 
that  uses  its  UltraSPARC  proces¬ 
sor.  It  also  announced  plans  for  a 
32-bit  blade  with  an  Intel-compat¬ 
ible  processor.  ■ 


Want  to  cut  your  IT  costs  without  sacrificing 
performance?  PRIMEPOWER  Servers  from  Fujitsu. 


■  The  secret  is  out.  PRIMEPOWER'"  Solaris™- compatible 
servers  from  Fujitsu®  deliver  a  major  breakthrough  in 
price/performance  compared  to  our  more  famous 
competition.  Want  proof?  PRIMEPOWER  servers  offer 
such  an  advantage  that  the  world’s  leading  com¬ 
panies  use  them  to  boost  their  performance.  And  there’s  a 
PRIMEPOWER  server  that’s  right  for  any  application  you  need  — 
from  single  CPU,  rack-mounted  servers  to  enterprise-ready 
systems  that  scale  to  1 28  CPUs  for  unsurpassed  performance  in 
the  data  center. 

Of  course,  it’s  not  just  the  hardware  you’re  buying.  It’s  also 
Fujitsu’s  30+  years  of  experience  supporting  high-perform¬ 
ance,  mission-critical  systems.  We’ve  already  helped  many 
companies  consolidate  their  IT  infrastructures  and  lower  their 
Total  Cost  of  Ownership.  Our  free  white  paper,  The  Why  and 
How  of  Server  Consolidation,  explains  how.  Get  your  copy  at 
www.ftsi.fujitsu.com/ad.  Or  call  (877)  905-3644. 
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Mid  Range  Functionality  Making  it’s  Way  into  the  High  End 


—  By  Steve  Kenniston 

Evolution  of  Storage  Arrays 

Over  the  past  two  years  IT  professionals  have 
seen  a  dramatic  change  in  storage  hardware.  The 
new  shift  today  is  in  making  storage  modular.  We  have 
seen  features  such  as,  dual  redundant  everything, 
higher  RAID  functionality,  performance  and 
snapshotting,  move  from  the  high  end 
storage  arrays  to  the  midrange  and  even  to  some  of 
the  low  end  storage  arrays.  IT  has  come  to  rely  on 
and  even  expect  these  features  all  the  while  expecting 
them  at  considerable  price  reduction. 

As  this  modularity  shift  takes  place,  the  real 
question  becomes,  "What  happens  at  the  high  end 
of  the  storage  market?"  The  reality  is  that  there  will 
always  be  a  segment  of  the  IT  community  that  has 
requirements  for  both  heavy  I/O  bandwidth  and 
some  sort  of  global  caching  requirements  that  can 
handle  sustained  performance  and  keep  that 
performance  when  there  are  "load  hits".  This  group 
of  users  will  always  spend  money  seeking  the  benefit 


By  centralizing  the  storage, 
all  the  ancillary  processes  that 
come  with  managing  storage,  such 
as  replication  and  backup,  become 
easier  and  less  costly  for  IT. 


of  the  highest  performance  arrays.  Until  recently, 
the  size  of  the  enterprise  market  was  finite  however, 
the  prospects  of  modularity  clearly  expand  the 
opportunities.  So  the  next  question  becomes  what 
features  are  end  users  requesting  in  this  space. 
Much  like  the  enterprise  features  have  moved 
their  way  into  the  midrange,  we  now  expect  to  see 
the  benefits  of  midrange  modularity  move  into  the 
enterprise.  Figure  1  shows  that  over  time,  func¬ 
tionality  has  moved  its  way  into  the  midrange 
and  low  end,  while  modularity  is  moving  its  way 
into  the  high  end.  End  users  are  now  getting 
more  functionality  in  the  midrange  and  low  end 
for  less  money  and  getting  more  performance 
and  flexible  scalability  (though  modularity)  in 
the  high  end  for  a  lower  cost  of  entry. 

Modularity  at  the  High-End 

As  grid  computing  takes  off  over  the  next  few 
wars,  it  will  be  the  job  of  the  storage  vendors  to  be 
able  to  keep  up  with  the  performance,  scalability 


and  flexibility.  The  only  way  this  will  happen  is  to 
make  storage  as  modular  as  the  compute  and 
networking  resources.  The  importance  behind  this 
is  both  ease  of  deployment  and  cost.  IT  consumers 
are  getting  used  to  the  "pay-as-you-grow"  sales 
mantra  that  has  become  popular  in  this  economy.  IT 
professionals  will  be  looking  to  build  very  robust, 
scalable,  high  performing  SANs  with  the  advantage  of 
cost  effective  entry  points 
and  highly  flexible  incre- 
ments  of  storage  capacity 
and  performance  without 
having  to  shell  out  lots  of 
money  to  build  up  the 
infrastructure. 

High-end  storage  always 
used  to  have  the  reputation 
for  being  a  "closed  box" 
system.  By  modularizing 
storage  at  the  high  end,  a 
number  of  opportunities 
open  up  both  inside  and  $$$ 
outside  the  datacenter.  The 
ability  to  have  high  end, 
modular  storage  that  does  not 
have  all  the  power,  cooling 
and  raised  floor  requirements 
that  are  necessary  for  the 
current  high-end  systems, 
provides  opportunities  for 
high-end  computing  in 
remote  offices  (and  decen¬ 
tralized  applications)  and 
removes  network  bottleneck 

issues  that  exist  today.  Modularity  also  opens  up 
new  opportunities  for  IT  professionals  looking  to 
support  critical  applications  and  initiatives  such  as 
datacenter  consolidation,  disaster  recovery  and 
business  continuity.  These  benefits  make  datacenter 
solutions  easier  and  less  expensive  to  build  and  put 
companies  in  a  better  position  to  yield  higher  ROI  on 
business  initiatives. 

Aside  from  high  end  computer  processing,  high 
end  storage  also  helps  IT  with  data  center  consol¬ 
idation.  Data  center  consolidation  is  becoming 
more  important  to  IT  shops.  High  end  storage  gives 
IT  shops  the  ability  to  centralize  storage  capacity, 
performance  and  availability  and  maximize 
management  capabilities.  By  centralizing  the 
storage,  all  the  ancillary  processes  that  come  with 
managing  storage,  such  as  replication  and  backup, 
become  easier  and  less  costly  for  IT.  Storage 
management  software  is  very  important  to  the 


overall  strategy  of  helping  IT  do  their  consolidation 
and  data  management  efficiently.  Technologies  such 
as  SRM,  ARM,  replication  and  backup  are  the  most 
important  issues  to  be  leveraged  in  the  datacenter 
of  today.  The  vendors  who  provide  integration  of 
this  software  with  the  hardware  to  make  the  day  to 
day  management  of  storage  easier,  provide  a  much 
more  compelling  ROI  to  the  end  user. 


Figure  1:  How  Storage  Features  are  Shifting 
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Last  year  was  a  big  year  for  vendors  to  tout  the 
advancements  in  storage  management  software 
and  users  to  start  seeking  better  efficiencies.  This 
year  it  looks  like  we  are  going  to  hear  lot  about  the 
physical  packaging  and  economic  advantage  that 
modularity  is  now  set  to  play  in  the  future  of  both 
enterprise  and  utility  storage  infrastructure. 
Modularity  gets  us  there. 


For  more  information  on 
Network  Storage  Solutions  and  the 
Enterprise  Storage  Group,  go  to: 
www.enterprisestoragegroup.com 
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EMC  REDEFINES 
HIGH-END  STORAGE. 

Again. 

Introducing 
Direct  Matrix 
Architecture: 

Only  Symmetric 

DMX  HAS  IT. 


IEMC’s  new  Symmetrix  DMX  series  with  Direct  Matrix  Architecture. 

4  times  the  internal  bandwidth  and  10  times  the  cache  bandwidth  of  any  other  storage  system. 
100%  software  compatibility.  Unprecedented  application  performance,  protection  and  availability. 
And  all  with  surprising  affordability.  Now  high-end  storage  has  a  new  high  end. 

emc.com/dmx  or  call  1.866. symm.dmx/i. 866. 796.6369 

EMC'.  EMC.  and  Symmetrix  are  registered  trademarks  and  Direct  Matrix  Architecture  and  where  information  lives  are  trademarks  of  EMC  Corporation. 

All  other  trademarks  used  herein  are  the  property  of  their  respective  owners.  ©2003  EMC  Corporation.  All  rights  reserved. 
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Switch  broadens  wireless  capabilities 

Vivato  offering  blurs  distinction  of  what  wireless  switches  can  do. 


Sharing  the  wealth 


Vivato’s  802.11b  wireless  switch  employs  powerful 
antenna  technology  to  share  bandwidth  among  clients. 


■  BY  JOHN  COX 

SAN  FRANCISCO  —  Start-up 
Vivato  last  week  released 
details  of  what  it  calls  the  first 
true  Wi-Fi  switch  —  details  that 
add  fuel  to  a  simmering  debate 
over  just  what  constitutes  a 
wireless  LAN  switch. 

The  company  this  week  will 
begin  shipping  to  beta  testers  its 
wall-mounted,  indoor  device, 
which  features  specialized 
antenna  technology  designed  to 
direct,  focus  and  quickly  shift 
narrow  radio  beams  among 
802.1  lb  clients. 

By  contrast,  recently  an¬ 
nounced  wireless  switches  from 
Aruba  Networks, Proxim  and  oth¬ 
ers  are  in  essence  Ethernet 
switches  with  software  that  cen¬ 
tralizes  and  manages  security 
and  access  policies,  and  applies 
higher-layer  switching  functions, 
such  as  quality  of  service,  to  wire¬ 
less  packets.  Most  of  these  ven¬ 
dors  also  plan  to  deploy  stream¬ 
lined  access  points  that  are  little 
more  than  2.4-GHz  radios  teth¬ 
ered  to  the  switch. 

Vivato,  which  started  up  in  late 
2000  and  has  collected  more 
than  $25  million  in  venture  and 
other  funding,  blends  an  Ether¬ 
net  switch  with  an  802.11b 
access  point,  and  a  phased  array 
antenna.  That  combination  is 
designed  to  let  the  switch  per¬ 
form  a  number  of  tasks  unique 
among  indoor  wireless  LANs 
(see  graphic). 

The  sensitive  antenna  locks  on 
to  wireless  clients  and  then 
directs  one  of  up  to  three  narrow, 
focused  1 1 M  bit/sec  radio 
beams  to  each  client. The  beams 
can  jump,  on  a  per-packet  basis, 
from  one  client  to  another, 
according  to  Vivato. 

If  there  are  several  clients  in  the 
beam  path,  the  802.11  protocols 
take  over,  and  the  clients  auto¬ 
matically  share  the  available 
bandwidth,  says  Phil  Belanger, 
vice  president  of  marketing. 


Correction 


tt  In  the  editorial  "WAN  carriers 
rack  and  teeter"  (Feb.  10,  page 
32),  Sprint's  revenue  for  2002 
should  have  been  listed  as  S26.6 
billion. 


The  switch’s  design  lets  the 
radio  beams  reach  900  feet 
inside  a  typical  office  building, 
depending  on  construction  ma¬ 
terials  and  furnishings,  Bel¬ 
anger  says.  By  contrast,  most 
802.11b  access  points,  using  a 
less-sensitive  omnidirectional 
antenna,  have  a  maximum 


range  of  300  feet. 

Belanger  says  extra  range 
means  a  single  Vivato  box  can 
“light  up"  an  entire  office  floor, 
eliminating  the  need  to  spread 
traditional  access  points,  priced 
from  $300  to  $1,200,  all  over  the 
space,  and  then  spend  still  more 
money  to  cable  them  into  a 


wiring  closet.  The  Vivato  switch 
costs  roughly  $9,000. 

All  these  products  are  so  new 
that  the  claims,  or  counterclaims, 
can’t  be  sorted  out  yet.  “This 
[Vivato]  technology  seems  to  be 
an  outdoor  technology, similar  to 
that  used  by  ArrayCom  and  oth¬ 
ers  in  cellular  networks,"  says 
Keerti  Melkote,  vice  president  of 
product  management  for  rival 
start-up  Aruba.  “But  it’s  not 
proven  indoors.” 

Melkote  questions  whether, 
even  if  the  phased  array  anten¬ 
nas  can  transmit  successfully 
over  such  distances,  the  client 
adapter  cards,  with  their  omnidi¬ 
rectional  antennas,  have  enough 
power  to  reach  the  Vivato  switch. 
Another  issue  with  longer  dis¬ 
tances,  he  says,  is  how  Vivato  han¬ 
dles  the  time  limit  for  acknowl¬ 
edgements  between  access 
point  and  client. 

Aruba’s  approach  relies  on  the 
standardization  and  dropping 
costs  of  wireless  access  points, 
he  says.  This  trend  will  let  enter¬ 
prise  users  pack  inexpensive 
access  points  in  fairly  dense  con¬ 
centrations,  to  ensure  that  all 


users  have  optimal  throughput. 

“This  is  silly”  says  Doug  Klein, 
CTO  for  Vernier  Networks, 
which  offers  what  it  calls  a  con¬ 
trol  server  to  centralize  security 
and  management  for  wireless 
LANs. “Everyone  is  now  arguing 
about  the  semantics  of  what  is  a 
switch.” 

He  argues  that  these  new  prod¬ 
ucts  are  addressing  real  prob¬ 
lems  but  are  doing  so  with  pro¬ 
prietary  technologies.  Ethernet 
succeeded,  and  802.11  has 
begun  to  catch  on  in  corpora¬ 
tions,  because  of  accepted  stan¬ 
dards,  he  says.  Standards  also  are 
needed  to  address  issues  regard¬ 
ing  handling  wireless  packets, 
managing  thousands  of  access 
points  and  enabling  wired  infra¬ 
structure  to  deal  with  mobile 
clients,  he  adds. 

“All  the  end  users  really  care 
about  is  ‘What  is  my  aggregate 
throughput?’  and  ‘Can  I  maintain 
that?”’  Klein  says. 

Vernier  and  other  wireless  gate¬ 
way  companies  such  as  Cranite 
and  Bluesocket  are  moving  to 
extend  their  existing  products  to 
become  more  like  switches.  ■ 


Array  device  protects  biz  traffic 


■  BY  TIM  GREENE 

CAMPBELL,  CALIF  —  Array  Networks  is 
introducing  security  hardware  and  software 
that  could  make  it  possible  for  businesses  to 
reduce  the  number  of  devices  they  use  to 
protect  their  networks  from  Internet-borne 
threats. 

Array  SP  6.0  can  inspect  and  filter  HTTP 
traffic  as  well  as  decrypt  and  filter  Secure 
Sockets  Layer  (SSL)  traffic  that  typically  is 
allowed  to  pass  freely  through  firewalls.  It 
also  will  load-balance  among  the  Web 
servers  it  protects,  cache  frequently  accessed 
sites  and  compress  traffic. 

The  latest  version  of  Array's  security  plat¬ 
form  expands  the  role  of  the  device,  which 
sits  on  the  LAN  side  of  corporate  firewalls, 
where  it  inspects  Web  traffic.  Formerly,  the 
device  acted  as  a  proxy  between  remote 
users  and  Web  servers  in  corporate  networks. 
Remote  users  create  SSL  links  with  the  Array 
box,  and  it  acts  as  a  go-between  with  Web 
servers  on  the  LAN. 

Array  is  among  a  group  of  vendors,  includ¬ 
ing  Fortinet,  NetContinuum,  TippingPoint 
Technologies,  Blue  Coat  Systems  and  F5 
Networks,  trying  to  offer  security  and  traffic 
management  in  one  device,  says  Richard 


Steinnon,  research  direc¬ 
tor  for  network  security 
at  Gartner.  The  key  prob¬ 
lem  that  needs  address¬ 
ing  is  that  Internet  traffic 
and  attachments  that 
come  into  Web  and  mail 
servers  can  carry  viruses 
and  worms.  “Gartner 
sees  the  need  for  appli¬ 
cation-layer  defenses  in  front  of  those 
servers,”  he  says. 

Such  application-layer  firewalls  sit  in  the 
same  spot  on  the  network  where  load  bal¬ 
ancers  and  SSL  accelerators  are  located, so  it 
makes  sense  for  them  to  include  those  func¬ 
tions,  Steinnon  says. 

“This  reduces  network  complexity  dramati¬ 
cally  says  Chris  Maune,  director  of  business 
development  and  product  marketing  at  Sun, 
which  is  looking  at  the  Array  gear  for  possi¬ 
ble  partnerships. 

The  primary  value  of  the  Array  SP  device 
is  that  it  can  secure  and  simplify  access  to 
Web  servers,  says  Andy  Sutton,  manager  of 
network  services  for  Texas  Health 
Resources,  a  hospital  system  in  Arlington, 
Texas.  It  secures  access  by  creating  SSL 
remote  access  links  over  the  Internet  from 


Web  browsers.  Software 
does  not  need  to  be 
installed  on  the  remote 
machines,  Sutton  says. 

Also,,  by  proxying  to 
Web  servers,  Array  SPs 
eliminate  the  need  to 
physically  move  the 
servers  into  a  secure  net¬ 
work  segment  separate 
from  the  rest  of  the  LAN,  saving  a  large 
investment  in  time  and  effort,  he  says. 

The  heart  of  Array’s  technology  is  the  abil¬ 
ity  to  decrypt  and  dissect  packets  once  and 
then  share  the  information  with  multiple 
applications,  reducing  delay  and  process¬ 
ing  power  required  to  perform  multiple 
functions.  “They  tear  down  packets  and 
pass  them  through  a  series  of  filters  for 
virus  signatures,  protocol  anomalies  and 
key  words,”  Steinnon  says. 

Array  SP  6.0  is  based  on  new  hardware 
that  boosts  its  encryption  speed  by  30% 
and  increases  the  number  of  simultaneous 
Web  sessions  it  supports  from  600  to 
32,000.  It  will  be  available  next  month  for 
$50,000.  A  smaller  version,  Array  SP-C,  costs 
$15,000. 

Array:  www.arraynetworks.net 


Array  Networks'  Array  SP  blends  secu¬ 
rity  and  traffic-management  features. 
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THE  PRESSES  CAN’T  STOP  when  a 

newspaper  moves  to  IP  telephony.  So 

The  Seattle  Times  tapped  Avaya  for  a 

high-performance  voice  and  data  network 

as  reliable  as  voice  alone. 

In  the  state  of  Avaya,  you  get  to  IP  telephony 

on  your  own  path,  at  your  own  pace.  And 

here’s  the  really  big  news:  for  the  cost  of  a 

standard  PBX  upgrade.  Avaya  Enterprise  Class 

IP  Solutions  (ECU PS),  powered  by  Avaya 

MultiVantage™  Software,  are  standards-based. 

They’re  open  to  evolving  your  existing 

network.  They’ll  even  play  nice  with  your 

multi-vendor  environment.  The  Seattle  Times 

saved  over  $180,000  in  related  costs  the  first 

year  alone.  Without  missing  a  deadline.  Visit 

avaya.com/ip  to  access  our  ROI  tools  for 

IP  telephony.  Or  call  866-GO  AVAYA. 

IP  Telephony 

Contact  Centers 

Unified  Communication 

Services 

Seattle  Timed  goe& 
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U.S.  backs 
Enum  net¬ 
work  phone 
initiative 

■  BY  GILLIAN  LAW 

The  U.S.  Department  of  Com¬ 
merce  has  recommended  that 
the  U.S.join  an  international  elec¬ 
tronic  numbering  domain  sys¬ 
tem  called  Enum. 

Enum  lets  an  end  user  type  a 
telephone  number  into  a  Web 
browser  and  access  a  listing  of 
Internet  resources  for  that  num¬ 
ber,  such  as  addresses  for  IP  tele¬ 
phony,  e-mail  or  Web  sites.The  In¬ 
ternet  Engineering  Task  Force 
developed  it  and  is  implementing 
it  in  coordination  with  the  Inter¬ 
national  Telecommunications 
Union  (ITU)  and  the  Internet 
Architecture  Board  (IAB).  The 
IAB  has  set  aside  a  global  do¬ 
main,  e!64.arpa,  for  the  system. 

Under  the  protocol,  each  users 
phone  number  would  be  translat¬ 
ed  to  an  Enum  identifier.  The 
number  +44  20  7291  5981,  for 
example,  would  become  1. 8.9.5. 
1.9.2.7.0.2.4.4.el64.arpa.  The  E- 
num  system  would  then  recog¬ 
nize  all  addresses  and  numbers 
associated  with  that  signifier. 

In  a  letter  posted  to  the  Com¬ 
merce  Departments  Web  site  last 
week,  National  Telecommunica¬ 
tions  and  Information  Administra¬ 
tion  (NT1A)  administrator  Nancy 
Victory  wrote  to  the  U.S.  Depart¬ 
ment  of  State  that  Enum  “has  the 
potential  to  facilitate  conver¬ 
gence  of  communications  net¬ 
works  by  linking  e-mail  addresses, 
telephone  numbers,  fax  numbers 
and  cell  phone  numbers  for  indi¬ 
viduals  or  businesses." 

The  U.S.  should  “seize  this 
opportunity  and  take  steps  to 
participate, "Victory  said. 

Thus  far,  13  ITU  member  coun¬ 
tries  have  opted  into  el64.arpa 
and  are  beginning  trials  to  estab¬ 
lish  Enum  services.  It  is  time  for 
the  U.S.  to  become  more  active 
on  this  issue, she  said, she  said. 

The  NTIA  has  developed  princi¬ 
ples  to  ensure  Enum  can  be  im¬ 
plemented  while  protecting  com¬ 
petition,  interoperability,  security 
and  privacy.  These  include  pre- 
serving  national  sovereignty  and 
the  right  to  decide  if  Enum  will  be 
implemented,  the  letter  said. 

Law  is  a  correspondent  with  the 
IDG  News  Service 's  London 
bureau. 


VoiceCon 

continued  from  page  7 

Protocol  support  also  can  let  the 
device  integrate  with  other  user 
directories,  enabling  single  sign- 
on  to  voice  and  e-mail,  while 
making  user  accounts  easier  to 
administer. 

The  S3400  will  support  H.323 
and  SIP  IP  telephony  protocols 
(expected  to  be  available  later 
this  year),  which  will  let  the 
device  be  attached  anywhere  in 
a  corporate  LAN  or  over  a  WAN; 
traditional  voice  mail  servers 
required  ISDN  or  T-l  interfaces 
directly  to  a  PBX. 

Siemens  is  going  along  with 
the  modularity  trend  by  rebrand¬ 
ing  its  IP  PBX  software  as  a  sepa¬ 
rate  platform  it  calls  Com- 


LAN  switch 


Potential  added 
costs  with  VoIP 

Users  and  experts  say  the 
proposed  cost  advantages 
of  IP  telephony  could  be 
offset  by  LAN  upgrades 
that  might  be  necessary 
to  support  voice. 

IP  PBX 


PC  with  softphone  IP  phone 


1  IP  PBXs: 

•  Intel-based  IP  PBX  servers  might 
have  to  be  upgraded  more  frequently 
than  traditional  large  PBXs,  which 
often  have  shelf  lives  of  10-plus 
years. 

•  Risks  of  viruses,  worms  and  DoS 
attacks  to  servers  could  increase 
total  cost  of  ownership. 

2  Network  infrastructure: 

•  Older  switches  and  hubs  that  do  not 
support  QoS  standards  such  as 
802.1p,  802.1Q  or  Diff-Serv  might 
have  to  be  swapped  out. 

•  Power  over  LAN  gear  might  have  to 
be  deployed  if  users  want  to  power 
IP  phones  centrally. 

3  Desktop: 

•  IP  phones  might  require  additional 
outlets  for  power  at  desktops. 

•  Some  IP  phones,  and  soflphones  on 
PCs.  occasionally  need  rebooting: 
traditional  circuit -switched  plioncs 
do  not. 


it  If  we  can  do  that  for  a  nominal  price  and 
give  remote  users  seamless  access  to  our 
phone  system,  then  it  s  worth  it  11 

Scott  Bradley 

Director  of  telecommunications,  Utah  State  University, 
on  incorporating  IP  into  the  campus  phone  system 


Scendo.  ComScendo  will  in¬ 
clude  all  the  features  of  the  past 
HiPath  3000,  4000  and  5000  IP 
PBXs  and  will  come  bundled 
with  those  systems.  Siemens  says 
that  future  versions  of  Com¬ 
Scendo  will  give  users  the 
choice  of  deploying  IP  tele¬ 
phony  call  control  in  various 
server  platforms,  such  as  Unix, 
Windows  or  Linux. 

Siemens  also  is  introducing  the 
optiPoint  400  IP  phone  with  SIP 
and  H.323  support,  and  the 
optiPoint  600  IP/circuit-switched 
phone,  which  works  with  Sie¬ 
mens  IP  and  traditional  PBXs. 
Also  being  released  is  the  new 
optiClient  130  softphone,  which 
gives  users  all  the  HiPath  IP  PBX 
features,  plus  additional  capabili¬ 
ties  such  as  organizing  confer¬ 
ence  calls  by  dragging  and  drop¬ 
ping  names  from  a  directory 
application.  A  USB  handset 
device  for  the  optiClient  130  also 
is  available. 

Mitel  Networks  will  announce 
a  survivability  feature  for  its  ICP 
3300  IP  PBX  that  lets  remote  IPC 
3300s  continue  communicating 
over  ISDN  lines  in  the  event  of 
an  IP  WAN  link  failure.  Mitel  will 
introduce  a  module  for  the  ICP 
3300  that  will  let  Nortel  Norstar 
circuit-switched  PBX  phones  be 
used  with  the  IP-based  Mitel 
box.  The  module  is  based  on 
technology  from  Citel,  which 
makes  a  similar  product  for 
3Com’s  IP  PBX. 

In  addition  to  the  deployment 
benefits  of  these  kinds  of  modu¬ 
lar  systems,  Instat/MDR’s  Strach- 
man  says  IP  voice  technology 
can  help  companies  administer 
large  voice  networks  with  fewer 
people. 

“Over  20%  of  the  [$5  billion] 
PBX  market  revenue  comes  from 
maintenance  and  services,” 
Strachman  says.  The  fact  that 
moves,  adds  and  changes  in  IP 
telephony  are  similar  to  PC 
administration,  and  do  not  have 
to  be  done  by  specialized  staff  or 
consultants,  is  one  of  the  cost 
benefits. 

For  three-year  VoiceCon  veteran 
Scott  Bradley, director  of  telecom¬ 
munications  at  Utah  State  Uni¬ 
versity  in  Logan,  the  idea  of  using 


IP  voice  technology  to  extend  his 
traditional  telephony  service  to 
remote  locations  is  appealing. 

“Many  of  our  [remote  campus 
branches]  could  be  incorporated 
into  our  campus  phone  system 
using  IP,”  Bradley  says.The  school 
is  piloting  IP  PBX  and  phone 
equipment  from  Cisco  in  con¬ 
junction  with  a  large  on-campus 
PBX  from  Intecom,  which  sup¬ 
ports  more  than  5,000  students 
and  faculty“If  we  can  do  that  for 
a  nominal  price  and  give  remote 
users  seamless  access  to  our 
phone  system,  then  it’s  worth  it,” 
he  says. 

Bradley  says  he  likes  the  fact 
that  IP  telephony  will  reduce 
administration  costs  and  allow 
for  less-expensive  telecom  gear 
based  on  commodity  hardware. 
However,  there  are  other  issues  he 
must  factor  in,  such  as  the  price 
he  would  have  to  pay  to  upgrade 
his  LAN  to  support  voice  and 
concerns  about  voice  over  IP 
(VoIP)  security  and  power.  Other 
issues  include  where  IP  telepho¬ 
ny  would  work  best. 

“There  are  two  kinds  of  IP  tele¬ 
phony  in  my  view]’  Bradley  says: 
“inside  the  moat,”  meaning  large 
headquarters  deployments  of  IP 
telephony  to  desktops,  and  “out¬ 
side  the  moat,”  where  VoIP  is 
used  to  connect  remote  offices. 
“IP  telephony  is  more  of  an  out- 
side-the-moat  application,  for 
now,”  he  says. 

Additionally,  Bradley  says,  he 
has  been  disappointed  with  the 
amount  of  features  IP  PBX  ven¬ 
dors  have  had  to  offer  on  their 
gear  —  typically  fewer  than  100 
—  compared  with  the  500-plus 
features  he  has  available  on  his 
PBX. 

“All  those  [PBX  features]  that 
exist  today  have  been  evolving 
over  decades,  and  they’re  all 
there  for  a  reason,”  Bradley  says. 
But  he  adds  that  he  has  seen 
improvement  in  the  market. 

“Every  year  I  come  to  VoiceCon, 
they  seem  to  be  getting  closer,”  he 
says,  referring  to  vendors  deliver¬ 
ing  products  that  he  wants.  ■ 
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McAfee  pumps  up  security  gateway 

CipherTrust,  others  roll  out  new  wares  to  combat  viruses  and  spam. 


■  BY  ELLEN  MESSMER  AND  JASON  MESERVE 

Network  Associates’  McAfee  Security  division  last  week 
introduced  a  version  of  its  antivirus  and  content-filtering 
appliance  that  can  process  twice  the  number  of  messages 
as  the  company’s  previous  high-end  offering  at  just  a  fifth 
more  of  the  price. 

McAfee  says  the  WebShield  el 000,  which  starts  at 
$20,500,  can  scan  160,000  Simple  Mail  Transfer  Protocol 
messages  per  hour  for  worms,  viruses  and  unauthorized 
content.  McAfee  plans  to  add  antispam  technology 
obtained  through  its  recent  acquisition  of  a  company 
called  DeerSoft. 

The  appliance,  which  has  10/1 00M  bit/sec  and  Gigabit 
Ethernet  interfaces,  typically  sits  between  a  firewall  and  a 
corporate  LAN. 

McAfee  competes  with  Symantec  and  others  that  are 
packing  more  capabilities  into  their  security  gateway 
products  that  provide  an  alternative  to  installing  and 
managing  separate  antivirus,  spam-filtering  and  content¬ 
filtering  products. 

“There  can  be  performance  advantages  in  having  the 
varied  security  functions  done  on  one  box  instead  of 
forcing  the  traffic  through  four  or  five  separate  boxes,” 
says  Eric  Hemmendinger,  research  director  for  security 
and  privacy  at  Aberdeen  Group.“One  box  also  takes  up 
a  lot  less  space.” 

Also  in  this  market  is  Blue  Coat  Systems,  which  this  week 
will  introduce  the  SG400  Web  Security  Appliance  for 
antivirus,  instant  messaging  and  content  filtering  at  remote 
offices  with  up  to  100  end  users.  The  $3,500  device  is 
designed  to  be  managed  through  a  corporate  central 
office,  and  can  control  caching  and  bandwidth  allocation 


in  addition  to  security. 

Unlike  the  McAfee  prod¬ 
uct,  the  Blue  Coat  offering 
does  not  handle  SMTP 
traffic  filtering. 

Another  player  in  the 
market  is  CipherTrust, 
which  is  taking  the  next 
step  in  the  cat-and-mouse 
game  played  by  spam¬ 
mers  and  those  looking 
to  stop  them  with  the 
Enterprise  Spam  Profiler 
(ESP)  option  for  its 
IronMail  gateway  appli¬ 
ance.  The  device,  which 
starts  at  $27,000  when 
configured  with  ESP  soft¬ 
ware,  also  can  handle 
antivirus  protection  and 
act  as  a  firewall  for  e-mail 
servers. 

ESP  uses  five  spam- 
detection  techniques  to 
score  an  incoming  message  and 
determine  an  overall  “spam  confi¬ 
dence  value.”  Depending  on  the  value,  a 
message  can  be  discarded  immediately  or 
quarantined  for  review.  Previously  IronMail  had  a  gamut  of 
spam  filters  that  a  message  passed  through,  with  any  one 
filter  being  able  to  raise  a  red  flag  and  block  a  message. 

“It’s  like  France  on  the  United  Nations’  Security  Council: 
They  can  veto  a  whole  measure,”  says  Matt  Anthony  direc¬ 


tor  of  marketing  at  CipherTrust.“Instead,  we’re  looking  at 
all  filters  as  data  points  that  paint  an  overall  picture.” 

An  automatic  whitelisting  feature  has  been  added  to 
IronMail  that  allows  certain  e-mail  addresses  a  free  pass 
after  a  specified  number  of  correspondences.  For  exam¬ 
ple,  a  newsletter  from  a  user  group  that  could  be  iden¬ 
tified  as  spam  but  is  not  could  be  added  to  the  whitelist 
to  let  it  pass  to  the  intended  recipients  without  being 
quarantined. 

“The  auto  whitelisting  will  be  a  boon  to  us,"  says  Carl 
Howell,  systems  engineer  at  the  University  of  West 
Florida  in  Pensacola,  which  is  snagging  about  60,000 
spams  at  the  100,000  e-mails  the  university  receives 
daily.  “As  people  get  auto  whitelisted,  it  should  help 
shrink  the  number  of  false  positives.” 

In  other  security  news: 

•  RSA  Security  will  introduce  PKZIP-based  encryption 

and  data-compression  software  designed  in  partnership 
with  PKWare.The  product,  RSA  SureFile.can  be 
used  as  a  stand-alone  application  for 
file  compression,  encryption 
based  on  the  Advanced 
Encryption  Standard 
and  signing  with  X.509 
digital  certificates,  or 
with  RSA’s  public-key 
infrastructure  product, 
RSA  Keon.  Pricing  starts  at  $80  per  seat. 

•Sophos  has  announced  Web-based  software  designed 
to  send  antivirus  software  updates  to  remote  or  mobile 
workers’  computers.The  Remote  Update  package  runs  on 
Microsoft  Internet  Information  Server  or  Apache  Web 
servers.  It  costs  $30  per  seat  for  a  100-seat  license.  ■ 


Protective  shield 

McAfee  Security's  Web- 
Shield  elOOO  appliance 
scans  for  viruses  and 
worms  in  Web  traffic. 


•  Scans  up  to  160,000 
messages  per  hour  or  2M 
byte/sec  of  HTTP  traffic. 

•  Two  or  more  can  be 
bridged  for  high  availability. 

•  Reports  activity  to  the 
McAfee  ePolicy 
Orchestrator  console. 

•  Cost  $20,500  for  up  to  1 ,000 
end  users. 


ITWorx  device  puts  the  squeeze  on  WAN  traffic 


II  Maybe  just  being  a  compression  box 
right  now  isn't  enough. f  1 


■  BY  TIM  GREENE 

BURLINGTON,  MASS.  —  Busi¬ 
nesses  looking  to  make  better 
use  of  expensive  WAN  links 
have  a  new  option:  a  PC-based 
Linux  appliance  that  compress¬ 
es  data  traffic  so  businesses 
can  send  more  over  existing 
connections  without  having  to 
buy  bigger  pipes. 

Eight-year-old  ITWorx  is  intro¬ 
ducing  the  device,  called  Net- 
Celera,  which  the  company 
says  will  use  data  compression 
techniques  to  cut  the  volume 
of  traffic  at  least  in  half  and  by 
as  much  as  90%. 

Customers  have  to  buy  at  least 
two  of  the  devices  and  place  one 
at  each  end  of  a  WAN  link 
between  the  router  and  the  LAN. 
Like  other  compression  vendors 
such  as  Expand  Networks  and 
Peribit  Networks,  ITWorx’s  com¬ 
pression  technology  works  by 
examining  traffic  for  patterns  that 
repeat,  then  replacing  them  with 
shorter  patterns  that  it  keeps 


ITWorx  says  its  NetCelera  device 
can  reduce  WAN  traffic  volumes  by 
up  to  90%. 


track  of  in  a  library 
NetCelera  is  different  from  com¬ 
peting  products  because  it  exam¬ 
ines  traffic  at  the  session  layer. 
Layer  5,  says  CEO  Youssri  Helmy 
Layer  5  compression  means  the 
device  can  differentiate  session 
streams  within  all  the  traffic  on  a 
wire,  such  as  a  file  transfer  vs.  a 
client-server  application.  NetCel¬ 
era  then  can  develop  a  unique 
compression  library  maximizing 
the  compression  for  each  ses¬ 
sion  up  to  8,000  sessions,  he  says. 
Other  vendors’  compression 
methods  use  a  single  library  for 
all  traffic  on  a  particular  physical 
connection. 


NetCelera  doesn’t  try  to  com¬ 
press  video  or  voice-over-IP 
traffic  because  they  are  already 
compressed.  Further  attempts 
to  compress  them  with  Net- 
Celera’s  current  technology 
would  yield  minimal  improve¬ 
ments  that  would  not  be  worth 
the  processing  power,  Helmy 
says.  But  he  says  the  company 
is  developing  software  for  a 
later  release  that  will  compress 
voice  enough  to  make  the 
effort  worthwhile. 

While  its  data  compression 
technology  might  give  it  an 
advantage  in  the  market,  IT¬ 
Worx  has  its  work  cut  out  for  it, 
says  John  Cordova,  an  analyst 
with  Infonetics.  Competitors, 
such  as  Expand,  Packeteer  and 
Peribit,  all  offer  another  key  fea¬ 
ture  along  with  compression: 
traffic  shaping.  This  is  signifi¬ 
cant  because  packet-shaping 
and  compression  gear  occupy 
the  same  space  in  a  network, 
and  putting  both  functions  in 
one  box  simplifies  matters,  he 


John  Cordova 

Analyst,  Infonetics 

says.  Similarly,  vendors  such  as 
Array  Networks  are  adding 
compression  to  their  multiser¬ 
vice  security  platforms,  and 
many  router  vendors  now  offer 
compression  as  an  option  on 
their  gear. 

“Maybe  just  being  a  compres¬ 
sion  box  right  now  isn’t  enough,” 
Cordova  says.  Within  a  few  years 
compression  and  others  of  these 
features  will  be  primarily  sold  as 
options  on  routers,  he  says,  and 
customers  will  take  that  road 
rather  than  add  another  box  to 
their  networks.  But  he  says  com¬ 
pression  can  save  companies 
from  buying  larger  WAN  connec¬ 
tions,  particularly  expensive  inter¬ 
national  lines,  and  that  can  pay 
for  the  equipment  within  months. 


NetCelera  has  two  1 0/1 00M 
bit/sec  Ethernet  ports  that  con¬ 
nect  it  to  the  router  on  one  side 
and  the  LAN  on  the  other.  If  the 
device  fails,  it  passes  traffic 
through  untouched. 

NetCelera  is  priced  depending 
on  the  size  of  the  WAN  link  it  sup¬ 
ports.  For  example,  a  box  for  a 
128K  bit/sec  line  costs  $2,500  and 
one  that  supports  a  T-l  costs 
$8,000. 

ITWorks:www.itworks.com 
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Antispam  tools  multiplying  like  spam 


■  BY  JOHN  FONTANA 

As  spam  continues  to  roll  over 
corporate  networks  in  ever-larger 
quantities,  the  cavalry  of  vendors 
offering  defenses  continues  to 
grow  as  well. 

No  fewer  than  five  vendors  are 
shipping  or  are  about  to  release 
new  products  designed  to  keep 
spam  from  polluting  corporate 
e-mail  systems. 

This  week,  MailFrontier  plans  to 
release  a  gateway  product  and 
upgrades  to  its  client  software  at 


the  Demo  2003  conference, 
which  is  being  held  in  Scottsdale, 
Ariz.,  and  run  by  IDG  Executive 
Forums,  a  division  of  Network 
World. 

Also  this  week,  Sunbelt  Software 
will  unveil  the  server  edition  of  its 
IHateSpam  filtering  software. 

Singlefin  last  week  introduced 
its  Local  Messaging  Switch,  a  cor¬ 
porate  gateway  spam  filter. 

Stealth  start-up  Q-Spam  will 
announce  its  new  name  and 
product  in  March,  and  Tumble- 
Weed  in  April  is  expected  to 


release  a  new  spam  module  for 
its  SecureMail  product. 

The  spate  of  products  not  only 
highlight  the  options  that  compa¬ 
nies  have  for  building  perimeter 
defenses  against  spam,  but  also 
reinforces  the  commonly  held 
notion  that  spammers  remain  a 
step  ahead.  Spam  blocker  Fbstini 
reports  that  it  filtered  more  than 
600  million  spam  messages  in  the 
last  30  days,  more  than  a  50% 
jump  from  just  five  months  ago. 

“The  problem  is  that  the  spam¬ 
mers  can  react  faster  than  the 


guys  providing  tools  against  it,” 
says  Dan  Keldsen,  senior  analyst 
at  Delphi  Group.  However,  he  says 
the  tools  are  becoming  more 
sophisticated. 

Many  companies  are  offering 
multiple  levels  of  filtering,  includ¬ 
ing  so-called  blacklists  and 
whitelists,  and  content  filtering, 
that  aggregate  their  results  into  a 
evaluation.  Other  tools  streamline 
administration,  such  as  adding 
automated  updating  services 
much  like  antivirus  software. 

MailFrontier’s  Anti-Spam  Gate- 


Demo 

continued  from  page  7 

OS  Network  might  bring  intrusion-prevention  tech¬ 
nology  to  the  forefront  of  the  security  industry  again, 
and  if  successful,  might  continue  to  expand  the 
must-haves  for  any  enterprise  security  infrastructure. 

Product:  Navajo 
Vendor:  MagiQ 

Description:  Key  distribution  based  on 
quantum  computing 

Navajo  is  a  Quantum  Key  Distribution  system  for 
securing  communication.  In  secure  communica¬ 
tions,  one  of  the  most  difficult  steps  is  secure  com¬ 
munication  of  encryption  keys.  Only  the  parties 
who  wish  to  exchange  information  should  know 
these  keys.  How  do  you  know  the  key  has  not  been 
intercepted  or  cannot  be  easily  figured  out? 

Current  cryptography  theory  relies  on  complex 
mathematical  computations,  which  take  time  to  solve. 

With  the  increasing  availability  of  computing  power, 
cracking  the  code  becomes  easier,  rendering  secure 
communications  readable,  and  exposing  sensitive 
and  confidential  information. 

Quantum  computing  uses  the  principles  of  phys¬ 
ics,  not  math,  to  create  secure  communications.  The  principles  of 
physics  are  problems  that  cannot  be  forced  to  decipher  encrypted 
communications  and  the  keys  generated  are  random  and  secure.The 
information  is  encoded  photon  by  photon  via  fiber-optic  link.  Any 
eavesdropping  or  snooping  on  the  line  by  a  malicious  party  would 
change  the  photon,  making  it  known  that  it  was  tampered  with. 

Navajo  does  not  want  to  replace  existing  cryptographic  communi¬ 
cations,  lnstead.it  is  a  key  distribution  system  based  on  Heisenbergs 
Uncertainty  Principle  that  provides  a  hybrid  model  using  quantum 
computing  to  provide  secure  distribution  of  existing  cryptography 
keys,  such  as  those  based  on  Advance  Encryption  Standard.  This 
method  provides  organizations  a  solution  to  the  problem  of  how  to 
securely  exchange  cryptographic  keys.  One  drawback  to  current 
quantum  computing  systems,  though,  is  that  they  do  not  work  over 
long  distances. 

Navajo  is  a  plug-and-play  system  that  can  fit  in  virtually  any  environ¬ 
ment.  Cryptography  keys  can  be  exchanged  securely,  up  to  1,000  times 
per  second,  ensuring  the  confidentiality  of  sensitive  information  as  it 
travels  across  the  network  or  is  stored  on  a  system. 

Quantum  computing  provides  a  new 
approach  to  the  problem  of  how  to  exchange 
information  securely  As  the  reliance  on  the 
exchange  of  information  continues  to  grow,  the 
security  of  that  information  becomes  critical. 

Quantum  computing  might  be  the  field  that  pro¬ 
vides  more  secure  communication  schemes. 


Product:  SigmaWatch 
Vendor:  SigmaSecurity 

Description:  Linux-based  vulnerability-assessment 
appliance 

SigmaWatch,  SigmaSecuritys  debut  into  the  al¬ 
ready  crowded  vulnerability-assessment  market,  is  a 
Common  Vulnerabilities  and  Exposures-based  vul¬ 
nerability-assessment  and  remediation  product  that 
runs  on  SigmaSecuritys  Predator.  In  this  configura¬ 
tion,  SigmaWatch  supports  approximately  255  IP 
addresses.  More  robust  platforms  are  available  from 
SigmaSecurity  to  provide  assessment  and  remedia¬ 
tion  for  larger  organizations. 

SigmaWatch  runs  on  a  hardened  version  of  the 
Red  Hat  Linux  operating  system  and  takes  advan¬ 
tage  of  many  open  source  tools, and  SigmaSecuritys 
proprietary-assessment  engine.  Vulnerability  signa¬ 
ture  updates  are  received  automatically  through  a 
Secure  Sockets  Layer  communications  engine, 
ensuring  the  latest  vulnerabilities  and  check  scripts 
are  available  for  use  in  a  scan. Administration  occurs 
through  a  Web  interface,  with  the  ability  to  launch 
scans  on  demand  or  schedule  them  to  launch  peri¬ 
odically,  such  as  daily,  weekly  or  monthly  Scans  also 
can  be  incremental  or  differential,  providing  admin¬ 
istrators  a  quick  and  easy  way  to  see  what  has 
changed  on  their  systems  and  network  over  the  last  week  or  month. 

SigmaSecurity  says  the  vulnerability  tests  are  nonintrusive  and 
administrators  can  configure  the  intensity  of  testing,  controlling  how 
much  network  bandwidth  a  scan  consumes  during  execution. 
Groups  also  can  be  created,  allowing  some  servers,  such  as  critical 
Web  servers,  to  be  scanned  daily,  while  other  systems  could  be 
scanned  weekly.  Reports  are  generated  in  PDF  format  and  include 
information  detailing  the  identified  vulnerability.  A  pair  of 
SigmaWatch  appliances  can  be  configured  for  high  availability,  using 
a  serial  connection  to  maintain  heartbeat. 

While  SigmaWatch  says  the  product  provides  remediation  capabili¬ 
ties,  they  are  not  automatic. SigmaWatch,  like  most  vulnerability-assess¬ 
ment  products,  provides  links  or  instructions  for  administrators  to  fol¬ 
low  to  correct  the  identified  vulnerability  on  the  affected  system. 

Even  thought  the  vulnerability-assessment  market  is  getting  over¬ 
crowded,  SigmaSecurity  can  succeed  if  the  assessment  engine  is 
accurate,  providing  strong  assessments  of  Windows  and 
Unix/Linux  systems.  SigmaSecurity  has  taken  the  right  approach, 
pricing  its  product  lower  than  most  of  the  existing  commercial 
solutions,  with  SigmaWatch  on  Predator 
starting  at  $3,500. 

Andress  is  president  ofArcSec  Technologies ,  a 
security  company  focusing  on  product  reviews 
and  analysis.  She  can  be  reached  at 
mandy@arcsec.  com. 


SigmaWatch,  SigmaSecurity's  vul¬ 
nerability-assessment  tool,  runs 
on  SigmaSecurity's  Predator  appli¬ 
ance  platform. 
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way  includes  five  spam-filtering 
techniques,  including  dynamic 
whitelists,  which  are  built  auto¬ 
matically  with  a  user’s  contacts 
and  existing  e-mail  threads.  The 
gateway  also  is  updated  auto¬ 
matically  with  known  spam 
thumbprints  collected  from 
MailFrontier  users. 

Sunbelt  is  releasing  its  first  ser¬ 
ver-based  product,  which  is  de¬ 
signed  for  Microsoft  Exchange. 
The  server  uses  a  scoring  system 
to  weed  out  spam  from  legiti¬ 
mate  mail  and  is  policy-driven 
so  filtering  can  be  tuned  per 
user.  Sunbelt  also  taps  the  40,000 
users  of  its  client  software  to  pro¬ 
file  spam  and  create  filter 
updates  for  the  server. 

Singlefin’s  Local  Messaging 
Switch,  which  uses  a  three-layer 
evaluation  process,  is  an  out¬ 
growth  of  its  hosted  service  for 
spam  blocking  and  content  filter¬ 
ing.  Companies  run  the  switch 
locally  and  have  a  Web-based 
interface  to  set  policies,  but 
Singlefin  administers  the  server 
remotely  and  offers  its  hosted  net¬ 
work  as  a  backup. 

In  the  coming  months,  Q-Spam  s 
co-founders  Linus  Upson  and 
Felix  Lin  will  introduce  a  spam 
product  they  say  borrows  heavily 
from  the  mobile  software  syn¬ 
chronization  technology  they 
developed  at  their  previous  com¬ 
pany,  AvantGo. 

And  TumbleWeed  is  expected 
to  deliver  in  April  its  Dynamic 
Anti-Spam  module  that  plugs  into 
its  SecureMail  5.5.The  service  will 
offer  automatic  updates  of  heuris¬ 
tic  techniques,  and  rules  and  pat¬ 
terns  for  identifying  spam.  ■ 
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■  THIS  WEEK’S  QUESTION: 

Which  industry  executive 
is  the  primary  focus  of  new 
books  titled  Perfect 
Enough  and  Backfire ? 


Answer  ttvs  and  nine  adduonal  questions 
onfine  and  you  could  win  $500!  Visit 

Network  World  fusion  and  enter  2349 
in  the  Search  tjox. 

www.nwnjsion.com 
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Looking  Deeper, 
Reaching  Farther 

An  intelligent  network  infrastructure  featuring 
Cisco  routers  enhances  the  value  of  IT 


High  Availability 


These  days,  it's  hard  to  distinguish  the  network  from 
the  company.  If  one  stops  working,  so  does  the  other. 
That's  why  networks  based  on  equipment  from  Cisco 
Systems  offer  unsurpassed  availability,  and,  just  as 
importantly,  unsurpassed  resilience  in  the  face  of 
interruptions. 

To  maintain  productivity— and  by  extension, 
profitability— networks  must  be  available  all  the  time, 
providing  employees  with  global,  around-the-clock 
access  to  business  applications  and  information, 
while  ensuring  appropriate  internet  access. 


investments  across  the  extended  enterprise. 

Successful  companies  run  on  information.  It’s  that  simple,  and  this  reality 
drives  unprecedented  demands — and  opportunities— for  the  people  at  the 
wheel  of  the  enterprise  network.  Consider  the  case  of  one  Global  100 
manufacturer:  With  four  technical  assistance  centers,  a  dozen  regional 
offices,  and  more  than  300  independent  dealerships  across  the  U.S.,  it’s  no 
simple  feat  to  keep  the  bits  flowing. 

Yet  flow  they  do,  and  not  just  in  the  form  of  data.  By  deploying 
high-performance,  feature-rich  Cisco  routers  at  key  sites,  the  company  was 
able  to  extend  IP  telephony  services  securely  across  its  wide-area  network. 
As  a  result,  they  cut  the  cost  of  calls  to  the  technical  assistance  centers  by 
eliminating  the  need  for  separate  phone  services,  increased  employee  pro¬ 
ductivity  by  reducing  the  amount  of  time  spent  searching  for  information, 
and  improved  customer  service  by  ensuring  everyone  is  up-to-speed  on 
products  and  services. 

Is  it  the  Network,  or  the  Application?  Yes.  Because  the  applications 
that  are  transforming  business  today  are  completely  reliant  on  the 
enterprise  network.  By  investing  in  an  intelligent  network  infrastructure, 
companies  create  a  highly  secure,  robust  foundation  for  any  number  of 
applications,  and  even  help  improve  performance  of  those  applications 
for  users  throughout  the  company.  And  that  allows  them  to  reap  a 
greater  return  on  countless  IT  investments — past,  present,  and  future. 


And  since  a  network  is  only  as  reliable  as  its 
weakest  link,  all  segments  must  be  resilient  enough 
to  immediately  bounce  back  from  unexpected 
connection,  component,  or  power  failures. 

To  some  extent,  availability  depends  on  the  overall 
design  of  the  network.  In  many  cases,  companies  will 
deploy  dual  routers  with  the  Hot  Standby  Routing 
Protocol  that  Cisco  pioneered,  enabling  one  device  to 
seamlessly  take  over  if  the  other  one  fails. 

But  availability  also  hinges  on  the  design  of  the 
individual  routers  themselves.  That's  why  Cisco  builds 
layers  of  redundancy  and  resiliency  into  the  hard¬ 
ware,  from  backup  processors  and  power  supplies  to 
hot-swappable  line  cards. 

Such  safeguards  work  in  tandem  with  Cisco  I0S® 
Software  features,  including  several  recent  enhance¬ 
ments  collectively  known  as  Globally  Resilient  IP,  or 
GRIP.  Cisco  Nonstop  Forwarding  with  Stateful 
Switchover,  for  example,  enables  a  router's  primary 
and  backup  processors  to  synchronize  state 
information.  That  way,  if  a  hardware  or  software 
problem  knocks  out  the  primary  processor,  the 
backup  processor  will  pick  up  where  it  left  off, 
without  needing  to  reboot  the  system  or  line  cards, 
and  without  losing  a  single  data  packet. 

And  because  Cisco  I0S  Software  runs  from  the 
enterprise  backbone  to  the  outermost  reaches  of  the 
WAN,  these  capabilities  can  increase  the  availability 
of  every  segment  of  your  network,  and  increase  the 
productivity  of  every  branch  of  your  company. 


Cisco  Systems 
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The  Answer  is  Cisco  — As  the  worldwide  leader  in  networking  for  the 
Internet,  Cisco  offers  the  industry’s  largest  and  most  versatile  portfolio  of 
routers  to  suit  every  need,  from  the  home  office  to  the  branch  office  to 
the  enterprise  campus.  Modular  designs  allow  you  to  expand  network 
services  incrementally  as  new  needs  and  opportunities  arise. 

Integrated  features  such  as  virtual  private  network  services,  firewalls, 
intrusion  detection  systems,  content  delivery,  survivable  remote  site 
telephony,  inline  power,  and  low-density  switching  allow  you  to  confident¬ 
ly  deploy  the  most  demanding  solutions,  including  converged  data,  voice, 
and  video  applications. 

Cisco  routers  also  offer  a  unique  level  of  investment  protection.  Cisco 
Systems  devotes  approximately  18  percent  of  sales  to  R&D,  giving  our 
engineers  unmatched  resources  to  build  upon  established  products  and 
technologies.  Take  Cisco  IOS®  Software,  for  example,  the  operating  sys¬ 
tem  that  unifies  all  Cisco  routers  and  switches  and  provides  most  of  the 
intelligence  in  the  network.  At  this  very  moment,  1,200  people  are  work¬ 
ing  to  enhance  and  expand  the  capabilities  that  have  made  it  a  pillar  of 
networks  the  world  over. 

By  designing  products  with  the  future  in  mind,  Cisco  offers  the  best  value 
over  the  long  term.  New  features  and  functionality  can  be  incorporated 
as  needs  change  and  technologies  evolve,  which  lowers  the  total  cost  of 
ownership  by  saving  you  the  expense  of  replacing  something  that  won’t 
be  supported  a  year  or  two  down  the  road. 


Superior  Manageability 


While  an  intelligent  infrastructure  offers  powerful 
benefits,  managing  something  so  sophisticated 
can  sound  overwhelming,  particularly  to  a  harried 
IT  department.  But  with  the  right  tools,  you  can 
actually  simplify  most  administrative  tasks  even  as 
you  gain  greater  control  over  network  resources. 

Cisco  Systems  provides  those  tools,  ensuring  you 
can  capture  all  the  benefits  of  an  intelligent  net¬ 
work  infrastructure,  without  having  to  be  an  expert 
on  every  feature  and  capability. 

One  reason  is  that  Cisco  IOS®  Software  unifies  all 
Cisco  switches,  routers,  and  other  devices,  creat¬ 
ing  a  network  that  is  inherently  more  manageable 
and  providing  a  rich  source  of  data  to  help  you 
optimize  network  operations. 

Drawing  on  that  rich  IOS  data  and  unmatched 
industry  expertise,  Cisco  has  built  best  practices 
into  the  CiscoWorks  family  of  Web-based  network 
management  tools,  helping  you  to  streamline 
management  tasks  and  secure  your  network  from 
end  to  end. 

CiscoWorks  templates  and  wizards  simplify  and 
automate  complex  configurations  to  help  you 
implement  security  policies,  use  QoS  to  prioritize 
traffic  for  IP  telephony  or  other  time-sensitive 
applications,  and  manage  a  range  of  other  opera¬ 
tions.  These  tools  also  help  prevent  human 
errors— mistakes  that  can  open  holes  in  security 
or  even  bring  down  the  network,  cutting  into  your 
company's  profits. 


And  at  Cisco,  support  means  much  more  than  simply  providing  hardware 
and  software.  As  Fortune  magazine  recently  observed,  “Whenever  there  is 
a  problem  big  or  small,  the  folks  running  the  networks  in  corporations 
know  they  can  call  Cisco.” 

That  peace  of  mind  might  not  be  your  only  motive  for  building  an  intelli¬ 
gent  infrastructure  with  Cisco  routers  and  switches,  but  it’s  a  surefire  sign 
of  an  intelligent  investment. 


Learn  how  Cisco  routers  can  offer 
your  company  a  greater  return  on  its 
investments  in  technology. 

www.nwfusion.com/cisco/infrastructure 
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If  a  problem  does  occur,  you  won't  be  caught  off 
guard.  A  properly  managed  intelligent  infrastructure 
continually  monitors  for  faults,  and  can  even  spot 
deteriorating  conditions  before  they  get  out  of 
hand,  providing  a  safety  net  for  your  business. 

CiscoWorks  management  applications  give  you  the 
visibility  to  monitor  the  impact  of  the  network  policies 
and  priorities  you  establish,  ,and  the  flexibility  to 
fine-tune  things  as  you  go  along,  and  add  new 
technology  as  your  needs  change  and  the  network 
grows.  As  a  result,  you  can  get  more  out  of  your 
business  applications  today,  and  also  do  a  better 
job  of  planning  for  the  future. 

If  that  sounds  like  good  news  just  for  the  IT 
department,  consider  this:  It's  been  estimated  that 
for  every  dollar  a  company  spends  on  new  tech¬ 
nology,  it  can  spend  another  four  trying  to  make  it 
work.  So  it  stands  to  reason  that  the  better  you're 
managing  your  network,  the  better  you're  manag¬ 
ing  your  business. 


Cisco  Systems 
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Takes 

■  Apple  last  week  launched  a 
midrange  storage  array  and  a  new 
version  of  its  Xserve  server.  The 
Xserve  RAID  storage  system  is  a 

3U-high  enclosure  containing  as  much 
as  2.5  terabytes  of  Fibre  Channel- 
attached  Advanced  Technology 
Attached  storage.  It  uses  a  2G  bit/sec 
Apple  Fibre  Channel  PCI  card  to  con¬ 
nect  to  the  server.  The  new  Xserve 
has  a  faster  1.33-GHz  processor  and 
system  bus,  and  faster  memory  and 
I/O.  The  company  has  expanded  the 
size  of  the  disk  drives  up  to  720G 
bytes  of  storage  and  added  IP  over 
FireWire  support  for  clustering.  The 
Xserve  RAID  starts  at  $6,000.  One- 
CPU  Xserve  server  starts  at  $2,800. 
Both  are  expected  to  be  available  next 
month,  www.apple.com 

■  Novell  will  ship  the  next  version  of 
its  flagship  network  operating  sys¬ 
tem,  NetWare  6.5,  code-named 
Nakoma,  by  midyear.  Nakoma  will 
feature  simplified  administration, 
better  access  and  improved  storage 
administration.  It  will  include  a  virtual 
office  that  lets  users  from  any  Web- 
enabled  device  access  e-mail,  net¬ 
work  files  and  applications.  Nakoma 
also  will  incorporate  the  Silverstream 
application  server,  as  well  as  Apache 
and  Tomcat  Web  applications  and 
MySQL  database.  As  part  of  its 
enhanced  storage  management  fea¬ 
tures,  Nakoma  will  support  iSCSI, 
soft  ware- based  RAID  1  and  5,  snap¬ 
shot  backup,  storage  resource  man¬ 
agement  and  data-pooling.  It  also  will 
include  integrated  DirXML  connectiv¬ 
ity  to  Windows  NT  domains  and 
Active  Directory  and  support  for 
blade  servers  and  management. 
www.novell.com 

■  3Com  last  week  announced  the 
SuperStack  3  Switch  4228G,  a  28- 
port  10/100M  bit/sec  switch  with  two 
copper  and  two  modular  Gigabit 
Ethernet  ports.  The  Layer  2  switch  is 
targeted  at  wiring  closets  and  can  be 
deployed  in  stacks  of  four  and  man¬ 
aged  with  a  single  IP  address.  The 
switch  is  available  now  for  $920. 
,vww.3com.com 
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■  TCP/IP,  LAN/WAN  SWITCHES 

■  ROUTERS  ■  HUBS 

■  ACCESS  DEVICES  ■  CLIENTS 

■  SERVERS  ■  OPERATING  SYSTEMS 

■  VPNS  ■  NETWORKED  STORAGE 


Users  tout  open  source  security 

Network  administrators  using  do-it-yourseif  technology  to  keep  costs  down. 


■  BY  PHIL  HOCHMUTH 

ROCHESTER,  N.Y — When  the  right  tech¬ 
nology  doesn’t  exist  or  isn’t  available  at 
the  right  price,  many  large  companies  get 
creative  and  build  their  own  custom  sys¬ 
tems, such  as  routers,  firewalls  or  VPN  gear. 

Linux  and  open  source  software  is  prov¬ 
ing  to  be  a  valuable  too!  for  businesses 
that  have  taken  the  build-it-yourself 
approach  when  it  comes  to  some  network 
systems.  Many  say  the  software  included 
in  Linux  and  in  some  free  software  pack¬ 
ages  is  as  good  or  better  than  commercial 
offerings  and  costs  less  to  deploy 

When  Rochester  Midland  was  looking 
to  move  frame  relay  to  a  multisite  IP 
Security  (IPSec)-based  VPN  last  year, Tony 
Karakashina,  then  a  network  administra¬ 
tor  for  the  company,  was  charged  with 
rolling  out  the  network. 

He  first  had  companies  such  as  Cisco, 
Check  Point  and  Nokia  in  mind  for  imple¬ 
menting  the  company’s  firewall  and  VPN 


infrastructure.  Then  he  was  told  that  he 
would  have  to  set  up  the  network  as  inex¬ 
pensively  as  possible. 

“Why  pay  $20,000  on  firewall  products, 
which  require  a  lot  of  work  and  are  not 
100%  secure  anyway?”  he  says.  Instead,  he 
decided  to  experiment  with  Linux-based 
PCs  and  an  open  source  IPSec  VPN  soft¬ 
ware  package  called  Free  Secure/WAN 
(Free  S/WAN).  He  used  surplus  PCs  the 
company  had  in  storage  (Pentium  133- 
MHz  and  Pentium  II  400-MHz  machines). 

“When  1  said  we  had  most  of  the  hard¬ 
ware  already  to  build  the  network  and 
that  the  software  would  be  free,  [manage¬ 
ment]  liked  that  idea,”  he  says. 

Free  S/WAN  is  an  open  source  software 
package  that  can  be  installed  on  Linux 
servers  and  lets  them  act  as  site-to-site  and 
remote-access  VPN  gateways.The  software 
can  be  used  to  establish  secure  connec¬ 
tions  between  two  networks  over  the 
Internet  or  to  connect  PCs  with  a 
Windows  XP  VPN  client  to  the  corporate 


network. 

Karakashina  then  had  the  challenge  of 
bringing  T-l  WAN  connectivity  hardware 
to  the  Linux/VPN  PCs. 

“Since  most  people  don't  plug  a  T-l  con¬ 
nection  directly  into  a  PC,”  Karakashina 
says,  there  were  limited  products  from 
which  to  choose.  He  chose  $850  T-l  cards 
from  Sangoma  Technologies,  which  makes 
modules  that  fit  into  a  PC’s  PCI  bus  and 
supported  Linux  drivers  for  the  hardware. 

One  key  to  making  the  open  source  VPN 
work,  Karakashina  says,  was  a  good  work¬ 
ing  knowledge  of  Linux.  He  had  experi¬ 
ence  working  with  Linux  from  his  college 
days,  which  helped  when  he  had  to  con¬ 
figure  and  tweak  the  Linux  software  on 
the  VPN  PCs  to  get  the  Sangoma  cards  to 
work  with  the  operating  system. 

The  result  of  the  project  was  a  savings  of 
several  thousand  dollars  per  month  for 
Rochester  Midland  by  switching  from 
point-to-point  frame  relay  service  to  an 

See  VPN,  page  20 


Radvision  links  mobile,  traditional  video  gear 


■  BY  JASON  MESERVE 

GLEN  ROCK,  N.J.  —  Radvision  is  bring¬ 
ing  a  piece  of  science  fiction  to  reality 
with  the  release  of  a  new  gateway  that 
connects  video-enabled  mobile 
phones  on  a  3G  wireless  network 
with  traditional  videoconferenc¬ 
ing  equipment  on  the  LAN. 

Currently  the  limited  number  of 
video-enabled  phones  can  com¬ 
municate  only  with  similar  devices 
on  the  same  network  and  cannot  connect 
back  into  a  traditional  videoconference. To 
connect  the  two  worlds,  a  gateway  is 
needed  to  translate  (or  transcode)  the  dif¬ 
ferent  protocols  used,  much  like  a  gateway 
is  needed  between  traditional  IP  and  ISDN- 
based  videoconferencing  endpoints. 

For  multimedia  communications,  the 
new  Vial  P  GW-P20/M  Gateway  transcodes 
between  the  3G-324M  standard  used  in 
wideband  Code  Division  Multiple  Access 
and  CDMA2000-based  mobile  phones  to 
H.323  used  in  traditional  IP  desktop  and 
group  videoconferencing  endpoints. The 
gateway  also  can  be  used  for  voice  calls, 
translating  between  the  AMR  voice  pro¬ 
tocol  used  in  the  3G  world  to  G.711  on 
the  IP  side,  says  Eli  Doron,  founder  and 


Gateway  to  a  3G  world 


Radvision’s  GW-P20/M  gateway  enables  two-way  audio  and  video 
communication  between  3G  mobile  phones  and  traditional  IP  video- 
conferencing  endpoints  located  on  a  LAN. 


3G  protocols  must  be  translated 
'mtD  the  H.323  protocol  for  connec¬ 
ting  to  IP  video  enpoints  and  SIP 
when  connecting  to  IP  phones. 


Desktop  endpoints 


The  gateway,  installed  in  a  service  provider  or  enterprise 
network,  transcodes  the  protocols  that  the  3G  phones  use 
into  protocols  that  video  endpoints  can  handle  and  vice  versa. 
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Radvision  gateway 


—  H.323 

—  3G-324M 
terminal 


Phones  on  a  3G  circuit-switched  network 
uses  the  3G-324M  and  ARM  protocols  for 
transmitting  video  and  voice,  respectively. 


CTO  of  Radvision. 

With  the  gateway,  mobile  phones  can 
participate  in  point-to-point  or  multipoint 
(if  a  separate  multipoint  control  unit  is 
used)  videoconference. 

One  challenge  that  Radvision  faces  is 
the  limited  number  of  3G-enabled  mobile 
services  available.  According  to  Probe  Re¬ 
search,  there  are  six  carriers  in  the  world 


offering  3G  service,  with  Japan’s  NTT  Do¬ 
CoMo  having  the  oldest  and  most  widely 
known  service.  A  handful  of  other  carriers 
have  3G  offerings,  but  limited  handset 
availability 

Radvision  does  have  some  competition 
with  Ericsson,  which  Ls  testing  its  Video 
Gateway  System  in  Italy,  Hong  Kong  arid 

See  Radvision,  page  20 
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Gig  E  to  the  desktop:  Bargain  or  boondoggle? 


Everywhere  I  turn  these  days  I  hear 
rumblings  about  Gigabit  Ethernet  to 
the  desktop.  We  are  seeing  white 
papers  touting  the  joys  and  benefits  of 
delivering  10  times  the  bandwidth  of  a  tra¬ 
ditional  Fast  Ethernet  network  interface 
card  at  a  fraction  of  the  cost. 

Surely,  many  folks  are  excited  about 
Gigabit  Ethernet  to  the  desktop  and  big 
bandwidth  returns.  But  what’s  really  need¬ 
ed  now  is  for  everyone  to  take  a  deep 
breath  and  exhale  .  .  .  and  then  look  at 
Gigabit  Ethernet  from  a  broader,  cost-of- 
ownership  prospective. 

Recently,  The  Tolly  Group  completed  a 
project  looking  at  the  viability  of  Gigabit 
Ethernet  over  copper  to  the  desktop.  In  the 


E 


study,  The  Tolly  Group  benchmarked  the 
performance  of  a  couple  of  copper 
Gigabit  Ethernet  NIC  installed  in  a  high- 
end  desktop  machine  across  a  few  differ¬ 
ent  operating  systems.  We  then  analyzed 
the  results  and  compared  the  perfor¬ 
mance  with  the  price/performance  that 
traditional  Fast  Ethernet  NICs  delivered. 

With  the  costs  for  Gigabit  Ethernet  NICs 
having  dropped  dramatically  in  the  past 
12  months,  prices  for  these  interfaces  are 
hovering  at  commodity  levels.  You  can 
pick  up  a  name-brand  Gigabit  Ethernet 
NIC  during  your  next  visit  to  CompUSA  for 
less  than  $80.  Even  last  May,  Dell 
announced  that  its  high-end  desktop  line 
was  migrating  to  and  standardizing  on  an 
onboard  Gigabit  Ethernet  NIC  in  place  of 
Fast  Ethernet.  One  thing  no  one  is  talking 
about  is  the  cost  for  plugging  in  these  NICs 
at  the  switch. 

While  consumers  no  longer  have  to  pay 
a  premium  for  Gigabit  Ethernet  NICs,  there 
is  no  bargain  when  it  comes  to  the  switch 
ports. Using  a  current  price  list  from  one  of 


the  major  switching  vendors,  we  calculat¬ 
ed  the  cost  per  port  for  a  typical  work¬ 
group  switch  for  both  Fast  Ethernet  and 
Gigabit  Ethernet.  The  results  were  simply 
staggering. 

A  48-port  Fast  Ethernet  switch  at  list 
price  delivered  a  per-port  cost  of  a  little 
more  than  $100  per  port,  while  a  similar 
stackable  for  Gigabit  Ethernet  was  more 
than  $700  per  port  for  a  name-brand  prod¬ 
uct  from  a  premier  switch  makers.  That  is 
roughly  a  seven  times  cost  for  a  Gigabit 
Ethernet  copper  port  over  the  cost  of  a 
10/100  port.  But  wait;  there’s  more. 

Beyond  the  upfront  switch  port  and  NIC 
costs,  there  is  the  cost  of  real  estate  in 
terms  of  rack  space.  Where  it  is  common 
to  obtain  48  ports  in  a  1U  or  2U  form  fac¬ 
tor  for  Fast  Ethernet  ports,  the  Gigabit 
Ethernet  switch  cannot  support  the  port 
density  allowing  only  about  half  the  num¬ 
ber  of  Gigabit  Ethernet  ports  in  the  same 
form  factor. 

So  you  say  seven  times  isn’t  bad  —  not 
for  10  times  the  performance.  It  might  not 


be  bad  if  we  were  talking  $10  per  port  vs. 
$70  per  port.  Unfortunately,  we  are  talking 
10  times  that.  That  isn’t  chump  change, 
and  if  you’re  looking  to  deploy  Gigabit 
Ethernet  to  the  desktop  across  1 ,000  users, 
costs  can  mount  up. 

What  really  is  amazing  is  the  NIC  ven¬ 
dors  have  proven  that  the  cost  of  these 
chips  is  down  to  commodity  prices  0 
doubt  the  NIC  vendors  have  the  motto  of 
“Sell  at  a  loss,  we  will  make  it  up  in  vol¬ 
ume!”).  Then  why  are  the  switching  ven¬ 
dors  still  demanding  the  premium  for 
these  chips? 

Next  time  your  friendly  switching  sales¬ 
man  comes  calling,  ask  him  to  explain 
the  premium-pricing  issue  to  you,  then 
drop  us  a  line  and  let  us  know  if  any  of  it 
makes  sense. 

Tolly  is  a  senior  engineer  with  The  Tolly 
Group,  a  strategic  consulting  and  indepen¬ 
dent  testing  company  in  Manasquan,  N.J. 
He  can  be  reached  at  btolly@tolly.com. 
Kevin  Tolly  returns  with  the  next  column. 


HIPAA  prompts  storage  pairings 


■  BY  DENI  CONNOR 

SAN  DIEGO  —  A  slew  of  storage  vendors 
are  announcing  partnerships  related  to 
compliance  with  the  Health  Insurance 
Portability  and  Accountability  Act  this 
week  at  the  Healthcare  Information  and 
Management  Systems  show. 

StorageTek  announced  two  alliances.The 
first  is  with  Stockwell.a  healthcare  consult¬ 
ing  firm,  to  offer  HIPAA  Fast  Path  Gap 
Analysis,  which  lets  organizations  validate 
how  they  are  meeting  compliance  for  the 
April  14  privacy  deadline.  The  second  is 
with  Rorke  Data,  a  subsidiary  of  Bell 
Microproducts,  to  support  the  dominant 
picture  archival  communications  systems, 
hospital  information  systems  and  radiolo¬ 
gy  information  systems  with  its  disk  and 
tape  systems. 

EMC  announced  a  partnership  with 
Rogers  Medical  Intelligence  Systems  to 
support  EMC  Centera,  the  company’s  con¬ 


tent-addressable  system  that  stores  data 
such  as  medical  images  that  don’t  change 
over  time.  Rogers  also  will  use  EMC’s 
Clariion  midrange  storage. 

Dell  and  Securesoft  Systems  announced 
an  alliance  to  embed  Securesoft’s 
Immunity  Security  Management  Suite  into 
Dell’s  HIPAA  Compliant  Desktop,  which  is 
used  in  doctors’  offices  and  healthcare 
institutions  for  entering  and  updating 
patient  records. 

Securesoft  also  will  unveil  HIPAA  Re¬ 
mediation  Technology  Roadmap,  which 
will  show  off  its  asset  management,  bio¬ 
metric  access  controls,  integrated  vulnera¬ 
bility  analysis,  automated  patch  installa¬ 
tion,  public-key  infrastructure  messaging, 
nonrepudiation  and  integrated  privacy/ 
security  technologies. 

Enacted  by  the  U.S.  Congress  in  1996, 
HIPAA  establishes  national  standards  to 
ensure  privacy  in  electronic  healthcare 
transactions.  ■ 
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the  U.K. 

Doron  and  Radvision  say  video  is  the 
ultimate  application  for  the  3G  networks, 
but  Richard  Endersby,  vice  president  of 
Internet  access  and  edge  infrastructure  at 
Probe  Research,  says  other  factors  besides 
video  will  drive  3G  first. 

"In  theory,  I  think  that  video  would/ 
should  be  a  driving  force, but  I  have  reser¬ 
vations  as  to  how  well  carriers  will  be 
able  to  deliver  it  to  users  given  constraints 
of  network  coverage,  data  rates  and  cost, 
etc.,  in  the  near  term,”  Endersby  says. 
“Gaming,  music  downloads,  richer  mes¬ 
saging,  location-based  services,  1  think 


will  be  nearer-term  drivers.” 

Currently,  Radvision  is  targeting  its  new 
gateway  at  large  corporations,  cellular 
operators  and  traditional  ISPs.  The  gate¬ 
way,  which  is  based  on  the  same  chassis 
as  its  IP-to-ISDN  product,  comes  with 
SNMP  and  quality-of-service  support  as 
well  as  support  for  IP  to  3G-324M  dial 
plans  that  interprets  the  route  from  get¬ 
ting  from  the  IP  side  to  the  cellular 
phone. 

Pricing  for  the  VialP  GW-P20/M  Gateway 
starts  at  $46,900  for  the  gateway  card  and 
$6,000  for  the  chassis  to  put  the  card  in. 
Radvision  customers  with  a  VIP400  chassis 
can  use  the  gateway  card  with  their  exist¬ 
ing  hardware. 

Radvision:  www.radvision.com 
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Internet  service  and  using  the  Free  S/WAN 
PCs  to  connect  over  encrypted  IP  Sec 
tunnels. 

In  addition  to  using  Linux  to  securely 
connect  remote  offices,  users  are  putting 
Linux  in  as  a  firewall  to  keep  out  network 
intruders. 

Thompson  Financial  in  Milwaukee  re¬ 
cently  installed  Linux  as  a  firewall  at 
one  online  trading  data  center.  Ten 
Linux  boxes  were  configured  as  single¬ 
purpose  firewalls  and  sit  in  front  of  a 
data  center  of  IBM  RS6000  Unix  servers, 
which  were  set  up  as  back-end  elec¬ 
tronic  trading  servers  for  eTrade’s  front- 
end  Web  site. 

“We’re  using  Linux  as  our  security  plat¬ 
form  as  a  way  to  keep  costs  down,”  says 
Doug  Moorhouse.a  network  administrator 
at  the  facility,  who  now  oversees  the  net¬ 
work  security. 

The  data  center  used  Cisco  PIX  firewalls 
in  the  past  and  then  moved  to  Unix  server- 
based  systems  running  Check  Pbint  soft¬ 
ware,  which  let  Moorhouse  customize  the 
devices’  configurations  and  software 
builds.  When  the  organization’s  budget 
was  tightened,  he  decided  to  switch  to 
Linux  and  Intel  servers,  which  were  less 
expensive  to  deploy  and  maintain  than 
the  Sun  and  IBM  RS6000  boxes  he’d  used 
previously. 

Moorhouse  used  the  firewall  software 
that  is  built  into  the  Linux  kernel,  which 
had  all  the  packet  filtering  and  security 
features  he  was  looking  for,  he  says.  The 
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Tips  and  links 

Advice  from  users  who  have 

implemented  Linux  open  source 

security  infrastructures. 

•  Knowledge  is  power:  Specifically, 
familiairty  with  the  Linux  operating 
system  as  well  as  kernel  debugging. 

•  Make  theTCO  case:  Get  com¬ 
parative  pricing  and  quotes  for 
security/VPN  systems  from 
vendors  to  show  savings. 

•  Be  ready  to  get  dirty:  Do-it-your¬ 
self  means  fix-it-yourself,  so  be 
prepared  to  handle  bugs  without 
a  toll-free  support  number  to  call. 

Linux  links: 

VPNs:  www.freeswan.org 

Firewalls:  www.linux-firewalls-tools.com 


Red  Hat  Linux  software  he  used  came 
with  setup  tools  that  made  it  easy  to 
install  only  the  more  essential  software 
packages  on  the  servers. 

Moorhouse  says  support  and  manage¬ 
ment  tools  for  the  Linux  firewalls  aren’t  as 
polished  as  black-box  firewall  gear  from 
makers  such  as  Cisco  or  Nokia,  he  says. 
Having  a  working  knowledge  of  Linux 
and  its  firewall  features  is  enough  to  keep 
the  devices  running  smoothly 

“We  have  some  pretty  important  informa¬ 
tion  being  protected  by  those  Linux  boxes,” 
Moorhouse  says,  adding  that  the  perfor¬ 
mance  of  Linux  firewalls  has  been  good. 

“All  companies  that  are  feeling  the 
hurt  from  the  recession  have  to  find 
cheaper  and  better  ways  to  operate," 
Moorhouse  says.  “Using  Linux  helps  us 
do  that.”B 
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For  users  that  have  outgrown  DDS,  Sony  AIT 
solutions  offer  a  clear  migration  path. 


If  your  company  has  had  formal  tape  backup  systems  in 
place  for  a  year  or  more,  there's  a  good  chance  no  one  is 
giving  them  a  lot  of  thought,  beyond  making  sure  that  the 
regular  backups  are  completed.  But  there  are  a  variety  of 
new  business  challenges  and  advances  in  data  storage 
technologies  that  make  this  the  right  time  to  take  a  fresh 
look  at  your  tape  storage  strategy. 

Sony's  Advanced  Intelligent  Tape  (AIT)  is  a  proven  data 
storage  format,  now  in  its  third  generation,  that  many 
organizations  are  using  to  meet  business  challenges  in  a 
more  consistent  and  practical  way.  Unlike  legacy  tape 
solutions  such  as  Digital  Data  Storage  (DDS),  organiza¬ 
tions  can  use  AIT  to  create  a  tape  storage  strategy  that 
adapts  to  changes  in  IT  requirements  while  meeting  future 
performance  needs. 

Organizations  often  implement  tape  storage  in  an  ad-hoc 
fashion,  adding  tape  backup  units  to  PCs  and  servers  as 
needed,  purchasing  different  units  (and  even  different  for¬ 
mats)  for  individual,  workgroup  and  data  center  needs. 
Users  of  DDS  tape  systems  whose  tapes  lack  the  capaci¬ 
ty,  speed  or  level  of  automation  to  meet  burgeoning 
demands  typically  need  to  implement  different  tape  stor¬ 
age  systems  for  different  needs,  creating  the  lack  of  a  con¬ 
sistent,  broad  strategy.  That  situation  relegates  tape  stor¬ 
age  to  a  tactical  (but  still  important)  function,  incapable  of 
easily  adapting  to  new  business  challenges.  Those  chal¬ 
lenges  include: 

Explosion  of  data  -  A  few  years  ago,  most  users  con¬ 
sidered  only  a  handful  of  specialized  documents  or  specif¬ 
ic  databases  to  be  business-critical  data.  But  that's  all 
changed.  E-mail  files,  Web  site  content,  transaction  data, 
multimedia  files,  sales  materials  and  PowerPoint  slides 
are  among  the  business-critical  data  that  most  organiza¬ 
tions  want  to  archive  and  protect  on  a  regular  basis.  In 
2000,  the  research  firm  IDC  projected  that  data  storage 
requirements  would  grow  an  average  of  87%  annually. 

Increasing  storage  costs  -  With  traditional  backup 
systems,  more  data  means  more  tapes,  and  more  tapes 
mean  more  money  spent  on  media.  Unfortunately,  backup 
systems  created  5  or  10  years  ago  simply  aren't  designed 
to  handle  the  explosive  growth  of  backup  requirements 
we  see  today.  Consequently,  companies  are  caught  on  a 
tape  treadmill,  constantly  purchasing  additional  tapes  to 
handle  increased  volume. 

Greater  need  for  business  continuity  -  While  it's 
always  been  important  to  ensure  that  critical  data  can  be 
recovered  in  the  event  of  a  problem,  over  the  past  few 
years,  it's  become  critical  to  ensure  that  businesses  can 
continue  to  function  in  the  event  of  equipment  problems  or 
a  disaster.  For  most  companies  the  cost  of  downtime — 
even  a  few  hours — can  greatly  exceed  the  expense  of 
adequate  protection. 

New  government  mandates  -  A  variety  of  organiza¬ 
tions  need  to  archive  more  data  because  of  new  govern¬ 


ment  mandates  and  industry  standards  that  require 
increased  protection  of  data,  as  well  as  the  archiving  and 
storage  of  a  broader  range  of  corporate  or  customer  data. 
For  example,  health  care  organizations  must  meet  require¬ 
ments  for  the  Health  Insurance  Portability  and 
Accountability  Act  (HIPAA),  while  financial  services  com¬ 
panies  are  subject  to  more  stringent  Securities  and 
Exchange  Commission  regulations  for  data  storage. 

Faster  backup/reduced  administration  -  Backup 
and  restore  processes  take  longer  as  the  volume  of  busi¬ 
ness-critical  data  that  needs  to  be  archived  grows,  both  on 
the  desktop  and  in  the  data  center.  The  number  of  tapes 
necessary  to  handle  that  data  also  increases,  as  does  the 


administrative  overhead.  In  many  organizations,  IT  person¬ 
nel  spend  far  too  much  time  managing  inefficient  tape 
strategies  and  not  enough  time  working  on  tasks  that  add 
value  to  the  business. 

With  such  a  wide  range  of  new  data  storage  challenges 
facing  companies,  it's  no  wonder  that  traditional  tape  stor¬ 
age  systems  have  become  almost  more  of  a  hindrance  than 
a  help.  What's  needed  is  a  way  to  turn  archival  data  storage 
from  a  time-consuming  chore  to  a  strategic  advantage — 
one  that  can  help  increase  business  continuity,  increase  IT 
flexibility,  decrease  the  time  spent  on  routine  maintenance 
tasks  and  proactively  meet  evolving  business  needs. 

A  variety  of  data  storage  advances  over  the  past  few 
years  bring  just  such  dramatic  benefits,  especially  to  orga¬ 
nizations  currently  employing  DDS  formats.  For  example, 
Sony's  AIT  data  storage  systems  are  designed  to  cover 
everything  from  PC  backup  and  workgroup-level  require¬ 
ments  to  automated  data  center  needs.  Instead  of  having 
multiple  tape  formats  across  these  groups,  Sony's  AIT 
allows  an  organization  to  have  a  single  tape  format,  pro¬ 
viding  a  seamless  migration  strategy  as  backup  volumes 
grow.  Enterprises  can  upgrade  to  AIT  gradually,  replacing 
individual  older  systems  as  capacity  needs  dictate — typi¬ 


cally  for  a  price  equivalent  to  that  of  traditional  DDS-4  sys¬ 
tems,  but  with  increased  performance,  capacity  and  relia¬ 
bility.  And  with  AIT,  your  investment  is  protected.  Indeed, 
since  AIT  was  introduced  in  1996,  Sony  has  doubled 
capacity  with  each  generation,  culminating  in  today's 
super-drive  class  AIT-3. 

AIT  also  has  a  number  of  other  important  benefits  when 
compared  to  DDS  tape  systems,  including: 

Better  reliability  -  Sony  AIT  systems  are  rated  for 
100%  duty  cycle  (unlike  DDS),  so  they  are  perfect  for  auto¬ 
mated  libraries  and  network-attached  storage  needs.  In 
addition,  AIT's  helical  scan  recording  and  Advanced  Metal 
Evaporated  (AME)  tape  provide  increased  reliability, 
extended  media  life  and  reduced  cleaning  requirements 
compared  with  DDS  systems. 

Smaller  form  factor  -  AME  media  and  helical  scan 
recording  provide  the  highest  density  of  any  data  tape, 
enabling  high-capacity  AIT  systems  to  fit  in  a  3.5-inch  for¬ 
mat. 


Fewer  tapes,  more  capacity- AIT  cartridges  can  hold 
up  to  five  times  the  uncompressed  capacity  of  DDS-4, 
greatly  reducing  the  number  of  tapes  required  for  backups 
and  thereby  cutting  the  ever-growing  cost  of  media. 

Greater  speed  -  With  Sony's  Memory  In  Cassette 
(MIC)  flash  memory  chip,  AIT  cartridges  provide  much 
faster  file  access  and  recovery,  reducing  the  amount  of 
time  it  takes  to  recover  lost  data  or  downed  systems  and 
contributing  to  a  strong  business  continuity  plan. 

Lower  cost  -  AIT-1  drives  cost  less  than  DDS-4  drives, 
yet  deliver  increased  capacity  and  speed. 

As  data  volumes  grow,  perhaps  you  can  make  do  with 
your  current  DDS  tape  systems  by  adding  more  tapes  to 
the  backup  rotation,  allocating  more  time  for  maintenance 
and  restoration,  and  using  a  jumble  of  different  tape  for¬ 
mats  for  different  needs.  But  in  the  long  run,  it  makes 
more  sense  to  reconsider  your  data  storage  needs  and  to 
find  a  solution  that  will  provide  continuity,  consistency 
and  compatibility  throughout  your  entire  organization. 
With  proven  new  technologies  such  as  Sony's  AIT  tape 
storage  systems  addressing  today's  most  pressing  busi¬ 
ness  and  backup  requirements,  you  can  turn  your  backup 
processes  into  a  business  benefit  instead  of  an  IT  liability. 


AIT  Grows  With  You 

AIT  easily  handles  today's,  and  tomorrow's,  storage  needs. 


Sony  AIT  Drives 
and  Autoloaders 
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Sony  StorStation™ 
AIT  Libraries 


Sony  StorStation™ 
Backup  Servers  and 
File  Servers 


Ideal  for  server  and 
desktop  backup,  DDS 
replacement 


Backup  automation  for 
local  offices,  enterprise 
departments 


LAN-based  backups, 
remote/distributed  backups, 
data  consolidation/sharing 


Learn  More  About 


Sony  AIT  Solutions 


■ 

■  ■■:■  - 


Download  the  free  white  paper,  "Formulating  A  Tape  Backup 
Strategic  Plan,"  and  learn  more  about  Sony  storage  solutions. 
Visitwww.nwfusion.com/sony/DDSNW. 
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A  Healthier  Call  Center 

Cisco  Customer  Contact  Solutions  help  health  intelligence  and  solutions  provider 
CorSolutions®  integrate  its  four  call  centers  into  a  virtual  customer  interaction  network. 


Living  with  a  chronic  disease  means  paying  extra  attention  to  your  health 
and  making  sure  you  follow  doctor's  orders  on  everything  from  how  to  take 
medications  to  what  to  eat.  But  there  will  always  be  times  when  you're  just 
not  sure  what  to  do  about  a  particular  symptom,  whether  it's  serious  enough 
to  see  your  doctor  or  even  requires  a  trip  to  the  emergency  room. 

Participants  in  CorSolutions'  disease  management  programs  have  another 
option:  call  a  registered  nurse  who  is  educated  to  handle  their  specific  condi¬ 
tion.  CorSolutions,  a  leading  disease  management  company,  provides  cus¬ 
tomer-centric  telephonic  interventions  to  support  individuals  with  chronic  dis¬ 
ease.  Health  plan  providers  and  employers  turn  to  CorSolutions  to  deliver 
information  to  individuals  with  one  or  more  of  over  30  chronic  conditions  — 
from  asthma  and  diabetes  to  heart  disease.  The  idea  is  to  help  participants 
manage  their  diseases,  keeping  them  healthier  and  reducing  the  need  for  hos¬ 
pitalization  and  trips  to  the  emergency  room. 

The  company  uses  a  combination  of  communication  channels  including 
educational  mailings,  interactive  voice  recognition,  Web-based  tools  and  tele¬ 
phone  conversations  to  customize  a  health  management  plan  for  each 
patient.  Providing  the  right  help,  at  the  right  time  and  by  the  right  method  is 
critical  to  the  program's  success.  "Some  participants  prefer  reading,  others 
may  prefer  using  the  Web-based  education  and  tracking  tools,  while  many 
others  prefer  direct  telephonic  communication,"  says  R.  Thomas  Brady,  CIO 
for  CorSolutions,  based  in  Buffalo  Grove,  III. 

The  telephone  is  crucial  to  the  company,  whether  it's  used  to  field  calls  com¬ 
ing  in  at  all  hours  from  participants  or  to  conduct  regularly  scheduled  outgo¬ 
ing  calls.  When  CorSolutions  needed  to  upgrade  its  telephony  and  contact 
center  infrastructure,  it  opted  for  an  IP  Communications  solution  from  Cisco 
Systems  that  includes  Cisco  IP  Contact  Center  (IPCC)  Enterprise  Edition. 

On  the  road  to  IP 

CorSolutions  operates  four  call  centers  —  at  its  Illinois  headquarters  and  in 
Fort  Lauderdale,  Fla.,  Philadelphia  and  Phoenix. 

As  the  company's  business  expanded,  customers  began  requesting  reports 
on  such  items  as  call  frequency  and  call  duration  —  reports  that  CorSolutions' 
TDM-based  PBX  and  ACD  system  couldn't  easily  provide.  Additionally,  while 

CorSolutions  had  similar  call 
processing  equipment  in 
each  of  its  locations,  the  sys¬ 
tem  was  not  fully  integrated, 
creating  challenges  in  ensur¬ 
ing  that  callers  were  connect¬ 
ed  to  the  appropriate  nurse 
in  an  efficient  manner. 

"We  looked  at  trying  to 
upgrade  the  system  and 
found  that  it  was  prohibitive¬ 
ly  expensive  for  technology 
that  we  thought  really  wasn't 
going  to  be  around  a  long 
time,"  Brady  says. 

CorSolutions  decided  that 
an  IP-based  solution  was  the 
way  to  go,  and  before  long 
Cisco  representatives  were  on  site  learning  about  CorSolutions'  requirements 
—  which  included  skills-based  routing,  consolidated  reporting,  integrated  call 
processing  and  centralized  management. 

In  the  spring  of  2002  the  company  installed  a  Cisco  IP  Telephony  network 
that  includes  Cisco  CallManager  software.  Cisco  CallManager  provides  the 
central  telephony  intelligence  that  is  shared  across  all  remote  sites  and  enables 
4-digit  dialing  over  the  wide-area  network  to  any  CorSolutions  location.  Cisco 
Unity  software  provides  voicemail  to  all  of  CorSolutions'  users.  Similarly,  the 
three  remote  contact  centers  can  tap  in  to  Cisco  IPCC  Enterprise  installed  at 
headquarters  —  one  of  the  keys  in  keeping  the  cost  of  CorSolutions'  Cisco 
implementation  far  below  that  of  proposed  solutions  from  competing  TDM- 
based  vendors.  Enabled  by  Cisco  AWID  (Architecture  for  Voice,  Video  and 
Integrated  Data),  the  IP  Communications  solution  works  seamlessly  with  the 


Learn  more  about 

Cisco  IP 

Communications 

Download  the  free  Cisco  "Straight 
Talk  on  IP  Communications"  pack, 
including  independent  evaluations, 
customer  success  stories  and  a 
financial  justification  white  paper. 

Visit: 

www.nwfusion.com/gocv/adv6 
or  enter  DocFinder  4322. 


underlying  Cisco  converged  data  and  voice  network.  CorSolutions  uses 
CiscoWorks  2000  software  to  manage  the  entire  infrastructure  and  monitor 
the  health  of  its  IP  Telephony  network. 

CorSolutions  immediately  realized  cost  benefits.  For  one,  it  was  able  to 
replace  approximately  120  plain  old  telephone  service  (POTS)  lines  with  ISDN 
primary  rate  interface  (PRI)  links,  producing  a  savings  of  about  3%  since 
deployment.  The  new  inter-office  calling  capability  likewise  produced  a  small 
savings  in  real  dollars.  The  largest  savings,  however,  came  from  increased 
frame  relay  utilization.  CorSolutions  consolidated  multiple  T-ls  into  a  6  Mbps 
fractional  ATM  port,  reducing  frame  relay  costs  by  more  than  50%  monthly. 


IP  Enables  a  Customer  Interaction  Network 


router 


WAN 


Reaping  the  benefits 

Now  the  company  can  easily 
transfer  calls  among  any  of  its  call 
centers  and  use  the  skills-based 
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Cisco  IPCC  Enterprise  Edition 
provides  intelligent  skills-based 
routing,  consolidated  reporting 
and  CTI  functionality  across  four 
call  centers,  creating  a  customer 
interaction  network  for 
CorSolutions. 
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routing  functionality  of  Cisco 

IPCC  Enterprise  to  find  the  most  appropriate  agent,  improving  employee  pro¬ 
ductivity  and  enhancing  customer  satisfaction. 

CorSolutions  is  also  using  Cisco  7940  and  7960  IP  Phones,  which  has  result¬ 
ed  in  additional  savings  for  the  company  related  to  moves,  adds  and  changes, 
and  further  simplifies  the  task  of  transferring  and  conferencing  calls. 

The  reporting  capabilities  of  Cisco  IPCC  Enterprise  are  another  plus  for 
CorSolutions.  Brady  can  use  Cisco  WebView  software  to  get  a  global  view  of 
contact  center  operations  in  both  real  time  and  historical  form. 

CorSolutions  will  soon  derive  even  more  value  out  of  its  contact  center 


implementation  by  integrating  Cisco  IPCC  Enterprise  to  CorConnectSM,  a 
Web-based  clinical  care  system.  This  integration  will  enable  soft  dialing  from 
customer  records,  which  will  reduce  manual  dialing  errors.  It  will  also  drive 
screen  pops  of  client  data  to  nurses'  PCs  as  they  make  or  receive  calls,  leading 
to  more  productive  and  personalized  interactions. 

"CorSolutions  is  very  pleased  with  the  Cisco  technology,"  Brady  says.  "It  has 
helped  the  company  increase  our  operational  efficiency  and  improved  the 
effectiveness  of  our  service  delivery.  Using  this  technology  assists  us  with  what 
we  do  best,  helping  individuals  improve  their  health  through  education  and 
support  in  the  management  of  chronic  diseases." 


This  is  the  sixth  of  a  six-part  advertising  series  on  Cisco  IP 
Communications  solutions.  Look  online  for  the  first  five  parts 
in  the  series:  www.nwfusion.com/gocv/vadv6 
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Wanted:  Blade  server  mgmt  software 

With  the  devices  proliferating,  corporate  users  need  ways  to  manage  the  hardware. 


■  BY  DENISE  DUBIE 

As  users  scramble  to  scrimp  and  save 
by  putting  applications  on  low-cost 
blade  servers,  they  are  increasingly  look¬ 
ing  for  more  sophisticated  ways  to  man¬ 
age,  provision  and  automate  these  new 
environments. 

Blade  servers  —  high-density,  low-power 
blade  computers  —  have  emerged  in  the 
past  two  years  as  a  less-expensive  and 
space-saving  option  for  corporate  users 
looking  to  build  scalable  and  redundant 
data  centers.  Server  blades  come  in  the 


■Takes 

■  Netegrity's  new  software  applica¬ 
tion  is  intended  to  make  it  easier  for 
organizations  to  securely  exchange 
user-identity  and  sign-on  information 
using  Security  Assertion  Markup  Lan¬ 
guage.  The  Netegrity  SAML  Affil¬ 
iate  Agent,  announced  last  week,  is 
designed  to  run  on  servers  that  sup¬ 
port  business-to-business  and  busi- 
ness-to-customer  sites,  and  corporate 
intranets.  The  lightweight  application 
will  make  it  easier  for  companies  to 
share  user  and  sign-on  information 
between  their  Web  sites  regardless 
of  the  technology  infrastructure  being 
used  on  each  side  of  a  transaction. 
SAML  is  an  XML  standard  for  ex¬ 
changing  logon  information  between 
distinct  Web  sites,  for  example  as  part 
of  business-to-business  or  business- 
to-consumer  transactions.  With  the 
new  agent,  partner  sites  that  are  not 
using  SiteMinder  will  more  easily  be 
able  to  recognize  and  authenticate 
that  SAML  identity  from  sites  that 
are,  Netegrity  said.  Oblix  also  said 
last  week  that  it  had  integrated  the 
SAML  standard  in  its  just-released 
NetPoint  Version  6.1.  That  product 
will  let  companies  using  NetPoint  ex¬ 
change  SAML  assertions  with  secur¬ 
ity  systems  at  other  partner  sites, 
providing  a  single  sign-on  to  resources 
on  those  sites. 

www.netegrity.com; www.oblix.com 


form  of  single  boards  one-eighth  the  size  of 
a  typical  1U  server  and  consume  up  to  12 
times  less  power. 

The  use  of  these  low-cost  devices  — 
prices  can  start  at  $  1 ,000  —  is  skyrocketing. 
The  Yankee  Group  reports  enterprise  and 
telecom  users  worldwide  spent  $95  million 
on  blades  in  2002,  and  the  market  research 
firm  expects  to  see  the  market  grow  to 
$3.78  billion  by  2006.  The  growing  market 
for  blade  servers  is  driving  hardware  and 
software  vendors  to  deliver  blade  manage¬ 
ment  products. 

“Now,  it’s  the  Wild  West  in  terms  of  man¬ 
aging  blades,”  says  Jamie  Gruener,  a  senior 
analyst  at  The  Yankee  Group.  “The  server 
vendors  themselves  are  offering  provision¬ 
ing  tools,  and  the  systems  management 
vendors  are  putting  out  server  manage¬ 
ment  modules.” 

For  now,  many  users  opt  to  manage 
servers  with  homegrown  tools.  Take  Rama- 
swamy  Aditya.  He  says  the  blade  servers  he 
bought  from  RLX  Technologies  are  easier  to 
manage  than  the  1U  servers  also  running  in 
his  data  center. 

“All  in  all  the  management  of  the  blade 
servers  is  far  easier  than  traditional  rack- 
mount  servers,  the  density  is  greater  and 
the  power  consumption  much  lower,” 
Aditya  says. 

The  CTO  at  Web  application  hosting  com¬ 
pany  Zapatec  in  Berkeley  Calif.,  uses  a  com¬ 
bination  of  remote  protocol  monitoring  for 
applications,  such  as  syslog  and  SNMP  to 
gauge  blade  performance.  Aditya  also  uses 
an  open  source  operating  system  called 
FreeBSD  and  Linux  on  the  blade  servers  to 
perform  out-of-band  management. 

Along  with  Aditya,  Carl  Alexander,  senior 
systems  and  network  administrator  at 
TERC,  a  nonprofit  education  research  and 
development  organization  in  Cambridge, 
Mass.,  says  he  manages  blade  servers  via 
the  serial  console  with  a  “home-brewed 
secure  console  server’’ And  he  says  the  sys¬ 
tem  is  flexible  and  scalable,  with  no  need 
for  software  instrumentation. 

“This  system  involved  hardware  costs  of 
less  than  $50  per  host,  zero  software  costs 
and  certainly  no  more  systems  administra¬ 
tion  time  than  configuring  a  commercial 
server  management  solution,”  he  says. 

Blade  management  basics 

Managing  blades  shouldn’t  vary  much 
from  managing  typical  servers. 

Corporate  users  want  to  monitor  avail¬ 


ability  and  performance,  as  well  as  spot 
potential  hardware  problems  before  they 
cause  downtime.  Because  blades  are  hot- 
swappable  they  can  be  a  potential  man¬ 
agement  problem.  Corporate  users  must  be 
able  to  quickly  discover  new  blades,  iden¬ 
tify  the  proper  configuration  and  allocate 
the  necessary  images  to  the  blades. 

Because  blades  also  serve  as  inexpensive 
options  for  branch  offices  or  sit  on  the 


■  BY  ELLEN  MESSMER 

DEDHAM,  MASS.  —  Cyber-Ark  has 
expanded  its  secure  data  storage  package 
to  help  users  more  easily  exchange  en¬ 
crypted  data  between  their  customers 
and  business  partners  across  the  Internet. 

Inter-Business  Vault  is  Windows-based 
server  software  that  automatically  encrypts 
all  stored  files.  It  is  usually  placed  between 
firewalls  at  the  access  point  to  the  Internet 
so  that  encrypted  files  can  be  accessed  via 
a  custom-built  Windows  or  Web  client.The 
software  is  touted  as  an  alternative  to  VPNs, 
promising  better  performance  and  easier 
administration. 

In  the  second  version,  Cyber-Ark  offers 
the  option  of  having  a  business  partner  in¬ 
stall  internal-LAN  gateway  software  as  an 
alternative  to  using  the  Vault  desktop  client 
software.  The  gateways,  sold  separately  for 
either  HTTP  FTP  or  Microsoft’s  Common 
Internet  File  System  (C1FS)  protocol,  allow 
for  faster  file  transfer  than  existing  client 
software  does  by  using  server-to-server 
data  compression  and  caching. 

Some  corporations  already  using  Cyber- 
Ark  Vault  with  the  desktop  client  access  say 
they  will  switch  to  the  gateways  because  it 
will  allow  more  speedy  transfer  of  data  to 
business  partners. 

“We  have  used  Inter-Business  Vault  in¬ 
ternally  to  provide  secure  means  of  trans¬ 
ferring  highly  confidential  files,”  says  Tom 
King,  chief  information  security  officer  at 
Lehman  Brothers,  where  the  use  of  Vault 
is  often  combined  with  the  RSA  Security 
SecurlD  dynamic  passwords  for  two-fac¬ 
tor  authentication.“Vault  is  firewalled  so  it 


edge  of  the  network,  network  executives 
must  be  able  to  administer  blades  re¬ 
motely,  which  requires  certain  asset  or 
desktop  management  capabilities.  And 
while  many  software  vendors  such  as 
Computer  Associates  and  BMC  Software 
have  tools  to  manage  systems  and  servers, 
there  are  no  standards  to  manage  blades. 

“Vendors  have  completely  different  ideas 
See  Blades,  page  24 


V  PROFILE:  CYBER-ARK  SOFTWARE 

Location:  Dedham,  Mass. 

Founded:  1999 

Founders:  Alon  Cohen,  Udi  Mokady 

Primary  product:  Inter-Business 
Vault,  software  for  controlling  access 
to  server  data. 

Financing:  $20  million  from  Jerusalem 
Venture  Partners,  Vertex,  JP  Morgan 
Chase,  Nomura  International,  IDB 
Development  and  others. 

Employees:  45 

Fun  fact:  Cohen,  formerly  with  the 
i  Israeli  Army’s  system  and  security 
department,  gotparticularly  interested 
in  data-storage  security  after  a 
personal  e-mail  to  a  girlfriend  found 
I:  its  way  into  the  hands  of  Army  troops. 


will  only  talk  to  the  Vault  client  software. 
We  will  definitely  move  to  the  new  ver¬ 
sion  of  the  product,  with  the  [C1FS]  gate¬ 
way,  so  we  can  extend  its  utility  out  to 
external  firms  and  in  some  of  our  branch 
offices.” 

Vault  is  priced  starting  at  $30,000  but  can 
go  as  high  as  $100, 000. The  HTTP  and  FTP 
gateways  for  the  Vault  are  available  now; 
the  CIFS  gateway,  which  will  let  users  ac¬ 
cess  Vaulted  information  as  if  it  were  just 
another  drive  in  Windows  Explorer,  will  be 
available  by  the  end  of  this  quarter.  Each 
gateway  costs  $5,000. 

Cyber-Ark:  www.cyber-ark.com 


Cyber-Ark  bolsters  its 
data  protection  tool 
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It  would  have  taken  a  concentrated 
effort  for  Intuit  to  do  a  better  job  of 
messing  up  its  public  image  than  it  did 
when  introducing  an  activation  require¬ 
ment  for  the  Windows  version  ofTurboTax. 

From  the  point  of  deciding  to  require 
such  a  feature  and  then  every  step  of  the 
way  the  company  seemed  to  pick  the  path 
that  would  maximize  user  suspicions  and 
the  damage  to  Intuits  image  and  product 
sales.  It’s  almost  like  whoever  at  Intuit  made 
these  decisions  was  a  mole  in  the  secret 
pay  of  H&R  Block,  which  sells  TaxCut,  the 
main  competitor  to  TurboTax. 


Enterprise  Applications _ 

Mission  accomplished? 


In  the  early  days  of  PCs,  many  software 
companies  tried  various  forms  of  copy  pro¬ 
tection  to  “protect  their  [intellectual  prop¬ 
erty  rights],”  an  Intuit  spokesman  says. The 
schemes  caused  widespread  user  revolt 
and  within  a  few  years  almost  all  of  the 
schemes  had  been  discarded  in  favor  of 
unprotected  versions.  Intuit  seems  to  have 
studied  everything  that  the  customers 
found  to  be  wrong  with  the  old  protection 
techniques  and  carefully  recreated  them  in 
TurboTax. 

System  backups  are  hard  if  not  Im¬ 
possible;  recovery  from  a  disk  replacement 
is  problematic;  moving  the  software  to  a 
different  machine  is  blocked;  and  there  is 
no  assurance  that  you  will  be  able  to  use 
the  software  in  five  years.Then  Intuit  added 
a  few  other  touches:  the  company  did  not 
make  it  clear  to  users  what  was  happening; 
it  used  third-party  software  that  was  widely 
thought  to  be  spyware;  and,  the  company 


set  it  up  so  that  the  third-party  software 
would  run  in  the  user’s  machine  forever, 
even  if  TurboTax  was  uninstalled.  Good  job 
indeed  if  you  worked  for  H&R  Block,  but 
not  so  good  if  your  loyalty  was  to  Intuit. 

But  just  what  problem  was  Intuit  trying  to 
solve?  Remember  that  this  is  inexpensive 
software  (starting  at  $19.95)  with  a  built-in 
requirement  to  purchase  new  software 
each  year  forced  by  the  U.S.  Congress 
changing  tax  laws.  Was  there  so  much  pi¬ 
racy  of  the  $19.95  version  that  it  was  worth 
making  life  significantly  harder  for  users?  I 
would  expect  that  most  of  the  piracy  that 
did  exist  was  not  by  individuals  who  gave 
copies  of  the  CD  to  their  officemates,  but 
rather  by  professional  software  pirates.  So 
making  usage  harder  for  the  average  user  is 
the  equivalent  of  punishing  New  York  City 
because  of  a  few  crooks.  Maybe  Intuit 
thinks  this  is  a  reasonable  balance.!  would 
predict  that  if  the  company  keeps  thinking 
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this  way,  H&R  Block  will  be  the  beneficiary 
and  Intuit  will  have  less  to  worry  about 
because  it  will  be  selling  less  software. 

Software  piracy  is  a  real  problem,  but  it 
should  be  addressed  where  the  real  threat 
is  and  that  is  generally  not  with  individuals 
buying  inexpensive  software.  I  expect  that 
there  are  things  which  can  be  done  tech¬ 
nically  to  help  here,  but  let’s  aim  at  the 
high-value  targets  and  not  penalize  every- 
one.That  is,  unless  you  secretly  work  for  the 
competition. 

Disclaimer:  Intuit  treating  all  of  its  cus¬ 
tomers  like  potential  crooks  might  in¬ 
crease  demand  at  the  Harvard  Law  School, 
but  the  school  did  not  express  an  opinion 
on  the  value  of  moles.  The  above  observa¬ 
tion  is  my  own. 

Bradner  is  a  consultant  with  Harvard 
University's  University  Information  Systems. 
He  can  be  reached  at  sob@sobco.com. 


Blades 

continued  from  page  23 

on  how  to  manage  blades,  and  a  lot  of  the 
offerings  are  very  proprietary?’  Gruener 
says.  Proprietary  systems  represent  a  chal¬ 
lenge  in  managing  across  heterogeneous 
networks,  but  at  this  time,  blades  tend  to 
work  only  with  blades  and  chassis  from 
the  same  vendor. 

Management  products  for  blades  falls 
into  one  of  four  categories:  change  and 
configuration  management;  image  clon¬ 
ing  and  management;  provisioning;  and 
policy-based  management  efforts.  And 
each  vendor  seems  to  have  its  own 
method  to  manage  blades.  Yet,  policy- 
based  management,  in  which  systems  can 
automatically  deploy  predefined  actions 
for  configuration,  security,  provisioning 
and  performance  across  servers  and 
other  networks  elements  —  remains  the 
ultimate  goal  for  vendors  and  users. 

Hardware  heavyweights 

One  crucial  difference  between  blades 
and  traditional  servers  is  volume  —  be¬ 
cause  of  their  space-saving  character, 
there  can  be  more  blades  in  a  smaller 
space  for  corporate  users  to  manage. 

That’s  where  automation  can  help, 
experts  say.  IBM  and  HP  have  begun  their 
policy-based  management  under  the 
guise  of  their  autonomic  computing  and 
utility  computing  product  road  maps,  re¬ 
spectively.  The  idea  is  that  an  intelligent 
infrastructure  coupled  with  smart  soft¬ 
ware  will  be  able  to  reallocate  storage, 
processing  and  network  resources  on 
the  fly. 

In  terms  of  blade  servers, IBM,  through  its 
eServer  BladeCenter  line,  provides  IBM 
Director  management  software  free  with 
its  eServer  blades.  IBM  Director  includes 
client  software  that  acts  as  agents  running 
on  the  blades  that  deliver  management 
information  back  to  the  server,  which  is  a 
snap-in  module  on  the  back  of  the  blade 
chassis  The  software  can  perform  autodis¬ 


Blade  runners 

While  server  blades  take  up  less  space  and  are  easy  to  replace, 
managing  them  can  pose  some  challenges. 


Proprietary  software:  Management  packages  are  mostly 
proprietary,  limiting  customers  to  buying  management  tools  from 
their  blade  vendor. 

Cabling  cons:  With  blade  servers,  serial  consoles  are  not 
consolidated  as  they  are  with  typical  Ethernet  cables,  preventing 
users  in  some  cases  from  getting  a  consolidated  view  of  all  their 
server  blades. 

Cost-efficient  tools:  Products  to  manage  blades  can  be  pricey 
for  enterprise  users  with  only  a  few  blade  servers.  Freeware  and 
shareware  may  be  a  better  option. 

Storage  concerns:  Server  blades  lack  storage  space.  Enterprise 
users  might  have  to  connect  blades  to  external  servers  to  store 
important  data,  adding  to  the  complexity  of  the  blade  environment. 

Chassis  age  and  type:  Newer  server-blade  versions  can  outdate 
a  chassis  before  its  time.  For  example,  a  1 U  chassis  cannot  accept 
newer  blades  that  require  two  slots  rather  than  one. 


Home  field 
advantage 

A  recent  Yankee  Group 
study  showed  about 

40% 

of  current  blade  server 
users  wrote  custom 
scripts  to  provision 
server  blades  rather  than 
buying  vendor  software 
to  handle  the  task. 


will  serve  as  a  management  portal  for 
servers,  storage  systems,  switches  and  soft¬ 
ware  in  the  network.  Sun  will  ship  Control 
first  on  a  new  set  of  blade  servers  due  in 
the  first  quarter. 

And  Veritas,  which  at  year-end 
announced  it  would  be  acquir¬ 
ing  server  provisioning  soft¬ 
ware  vendor  Jareva  Technol¬ 
ogies  and  application  perfor¬ 
mance  management  software 
maker  Precise  Software,  also 
might  enter  the  policy-based 
server  management  market, 
Gruener  says.  He  adds  that  Dell 
will  most  likely  partner  to  add 
management  capabilities  to  its 
blade  server  offerings. 


covery  on  blades  and  quickly  reprovision 
one  when  a  swap  is  made. 

IBM  pairs  its  hardware  and  software  by 
adding  LightPath  Diagnostics  to  the  blades 
and  chassis.  A  specifically  colored  LED 
can  lead  a  network  operator  more  quickly 
to  the  chassis  and  then  server  blade  that 
might  be  having  performance  problems 
or  a  failure,  IBM  says. 

Meanwhile,  HP  which  claims  it  shipped 
about  15,000  blades  in  2002,  manages 
blades  with  Insight  Manager  7,  a  package 
it  picked  up  in  its  November  2002  acquisi¬ 
tion  of  Compaq.  Insight  Manager  7  soft¬ 
ware  includes  rapid  deployment  features. 
HP  also  partners  with  desktop  and  asset 
management  vendor  Altiris  to  provide 
remote  management  capabilities  to  the 
blade  and  other  servers. 

RLX Technologies  reports  shipping  6,000 
to  8,000  in  2002,  while  IBM  says  it  has 
shipped  5,000  blade  servers  in  the  past 
10  weeks. 

RLX  also  sells  its  Control  Tower  4  man¬ 


agement  software  with  its  hardware.The 
software  helps  corporate  users  deploy 
and  manage  server  blade  rollouts.  The 
company  says  its  combination  of  soft¬ 
ware  provisioning  tools  and  the  ultra- 
dense  RLX  server  blades  reduces  IT 
labor,  and  it  can  manage  across  Windows 
2000  and  Linux  operating  systems.  Con¬ 
trol  Tower  4  also  gives  users  a  Web-based 
interface  from  which  to  view  blade  ser¬ 
ver  health. 

With  its  N1  initiative,  Sun  now  also 
might  be  entering  the  management  soft¬ 
ware  fray.  The  company,  which  just  this 
month  announced  its  first  blade  (see 
www.nwfusion.com,  DocFinder:  4334),  in 
November  2002  purchased  Terraspring,  a 
start-up  that  makes  software  that  auto¬ 
mates  deployment,  management,  visibil¬ 
ity  and  control  of  heterogeneous  data 
center  environments. 

Sun  recently  announced  it  would  re¬ 
work  the  Terraspring  software  to  form 
what  it  calls  the  N1  Control  Plane,  which 


Software  start-ups 

Companies  offering  strictly 
automation  software  to  man¬ 
age  blades  include  start-ups 
such  as  BladeLogic,  Opsware  (formerly 
Loudcloud),  CenterRun  and  Think- 
Dynamics,  among  others. 

These  start-ups  emerged  along  with 
blades  in  the  past  two  years  and  work  to 
automate  the  process  of  provisioning 
servers  in  data  centers.The  companies  all 
provide  software  that  automates  many 
configuration  processes  that  normally  are 
handled  manually  such  as  the  application 
of  patches  or  the  collection  of  inventory 
information.  One  advantage  of  these  start¬ 
ups  is  that  their  software  can  work  with 
blade  servers  and  traditional  1U  servers 
from  a  variety  of  vendors. 

“Products  like  BladeLogic  are  significant 
because  of  their  cross-platform  character¬ 
istics.”  CIO  Ron  Rose  says.  “Today’s  data 
centers  are  very  problematic  from  an 
administration  perspective,  so  tools  that 
actually  help  unify  the  operations  of  these 
heterogeneous  environments  are  the 
wave  of  the  future." 

Senior  Editor  Deni  Connor  contributed  to 
this  story 


Speed  and  Security — On  the  Go! 

“We  have  been  able  to  reduce  our  credit  card  authorizations  to  an 
average  of  five  second  or  less,”  says  Marty  Maglio,  director  of  IT 
Architecture  for  Wawa  Food  Markets — a  convenience  store 
chain  with  more  than  550  locations  throughout  the  mid-Atlantic 
region. This  has  improved  our  customer  service  while  cutting  our 
communication  costs  in  half!” 

The  Bottom  Line:  New  WAN  solution 
improves  customer  service,  saves  money 


Find  out  more  at  enterasys.com/nw/wawa2. 
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High-Performance,  "Security  Tough"  Branch  Routers 


If  you've  been  fortunate  enough  to  vacation  on  a  tropical  island,  you  know  the  pleasure  of  getting  away  from  it  all. 
Unfortunately,  if  you  own  an  island  home,  you  also  know  the  stress  of  maintaining  this  corner  of  paradise.  It's 
impractical  to  fly  back  and  forth  every  weekend  to  check  on  your  property,  so  you're  consumed  by  thoughts  of  burglary, 
fire,  flood.  Interestingly,  these  problems  are  similar  to  those  faced  by  a  CIO  struggling  to  manage  remote  office  networks. 


Like  a  beach-front  cottage,  your  branch 
offices  may  become  inaccessible  due 
to  natural  or  man-made  disasters.  IT 
systems  may  become  compromised  by 
malicious  hacker  attacks,  disgruntled 
employees  or  Internet-born  viruses. 
WAN  links  may  fail,  or  a  local  utility 
may  dig  up  their  lines  and  inadvertent¬ 
ly  cut  through  yourT-1  cable. 

To  compound  the  problem,  nobody  at 
the  branch  office  can  tell  the  difference 
between  Ethernet  and  Inkjet — so  if 
something  does  go  wrong  they  are  not 
likely  to  diagnose  a  Denial  of  Service 
attack  or  router  configuration  error. 

There  are  steps  you  can  take  to  protect  the 
remote  office  network.  The  most  obvious 
and  the  most  often  overlooked  is  disaster 


assessment.  Determine  the  nature  and 
extent  of  risks,  and  develop  contingencies 
to  address  these  risks.  Other  good  house¬ 
keeping  tasks  include  always  having 
Service  Level  Agreements  for  your  WAN 
connections,  using  distributed  firewalling, 
deploying  VPN  backup  services  and 
setting  up  automated  offsite  data  backup. 


Security  Routers  to  the  Rescue 

To  help  you  meet  the  challenge,  there  are 
new  security  routers. These  devices  provide 
connectivity  over  a  wide  range  of  WAN 
circuits — including  Frame  Relay,  T-l  and 
xDSL — as  well  as  cost-effective  and  rapidly 
deployed  VPN  tunnels.  A  security  router  also 
includes  firewalling  to  protect  remote  office 


networks  from  attack,  and  Intrusion 
Detection  capabilities  so  you  know  when  an 
attack  has  taken  place.  And  unlike  the  prior 
generation  of  routers  that  simply  added 
security  features  on  top  of  an  enormous 
router  code  base,  today’s  security  routers  are 
built  “security  tough”  from  the  ground  up. 

Start  with  a  Plan 

Of  course  the  convergence  of  security  and 
networking  at  branch  offices  requires  more 
than  just  plugging  in  a  new  device.You  must 
have  a  defined  network  security  policy 


Security  systems,  applications  and  services 
are  the  common  constituents  of  just 
about  every  security  strategy.  But  how  does  it 
all  come  together?  For  more  information,,,^ 

go  to  enterasys.com/nw/branch2. 
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New  security  routers  offer  several  options  for  WAN 
connectivity,  while  keeping  costs  in  check  and 
maintaining  the  highest  level  of  security. 
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Enterasys  Branch  Router:  7  Times  the  Throughput  of  Cisco 


The  Tolly  Group  recently  measured  the  per¬ 
formance  of  the  Enterasys  XSR-1805  and  XSR- 
1850  security  routers, and  compared  the  results 
to  the  performance  of  Cisco  Systems  1700 
series  and  2600  series  branch  office  routers 
in  identical  configurations.  Measuring  routing, 
VPN  throughput,  Access  Control  List  (ACL) 
capabilities  and  Quality  of  Service(QoS),  the 
XSR  routers  outperformed  their  Cisco 
equivalents  in  every  category. 

Important  highlights  included: 

•  VPN  Throughput — XSR-1805  forwards 

seven  times  more  zero-loss  throughput 

than  the  Cisco  265 1XM  in  an  IPSec  tun¬ 
nel  configuration  at  100  Mbps  with  1,420- 
byte  packets 


•  Layer  3  Throughput — XSR- 1850 

processes  three  times  the  zero-loss  Layer 
3  throughput  of  the  Cisco  2651XM  at  100 
Mbps  for  512-byte  packets  and  larger 

•  100  Mbps  with  QoS— XSR  1850 

provides  more  than  triple  the  throughput 
of  the  Cisco  265 1XM  when  forwarding 
1,518-byte  packets  at  100  Mbps  with  QoS 
enabled 

The  results  of  the  study  led  Kevin  Tolly, 
president  of  The  Tolly  Group  to  conclude, 
"Typically,  we  see  vendors  test  performance 
with  ancillary  functions  like  ACL  and  QoS 
processing  turned  off,  but  Enterasys  tested 
its  routers  with  full-device  functionality 
enabled,  meaning  users  get  a  truer  picture 
of  overall  device  performance." 

Full  details  and  test  results  are  available  at 

http://www.enterasys.com/performance 
or  http://www.tolly.com. 


Why  high  throughput  when  connecting 
across  WAN  links  at  speeds  of  only  a  few 
megabits?  This  is  analogous  to  why  we  buy 
cars  with  top-rated  speeds  of  160  MPH, 
when  the  speed  limit  in  most  places  is  65 
MPH.  A  high-performance  security  router 
needs  the  horsepower  to  easily  handle  the 
demands  of  real-world  network  configura¬ 
tions — configurations  with  VPN,  ACLs  and 
QoS  enabled — to  protect  your  corporate 
intelligence  and  optimize  your  resources. 

For  example,  when  every  remote  employee 
decides  to  live  stream  the  CEO’s  quarter-end 
earnings  broadcast,  you  know  that  the  XSR 
router  is  up  to  the  task.  Without  a  high- 
performance  security  router,  all  bets  are  off. 


Enterasys’ XSR  security  routers  were  explic¬ 
itly  designed  to  deliver  best-in-class  price 
performance.  For  more  information  go  to 

enterasys.com/nw/tolly2. 
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The  Webcast  Your 
Competition  Doesn't  Want 
You  to  Watch! 


Business-Driven 

Networks: 

Bringing  Business  Intelligence 
into  the  IT  Infrastructure 

A  FREE  Webcast 

presented  by 

ENTERASYS 

NETWORKS™ 

NetworkWorld  #— 

See  it  now  at 

enterasys.com/nw/webcast2 
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EXPECT 
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TO  (EVOLVE 

AROUND 

THEM. 


(SOUNDS  LIKE  A  SOLID 

BUSINESS  PLAN  TO  US.) 


Every  customer  is  an  investment.  But  are  you  investing  wisely? 
mySAP™  CRM,  the  only  open  and  integrated  CRM  solution,  makes  v  aluable 
customer  data  available  to  your  entire  organization.  In  real  time.  So  the  back 
office  knows  what  the  front  office  knows,  which  makes  it  easier  to  give 
customers  what  they  need.  A  lot  more  efficiently.  And  for  a  lot  less  money. 
Visit  sap.com  or  call  800  880  1727  to  find  out  more  about  mySAP  CRM. 


THE  BEST-RUN  BUSINESSES  RUN  SAP 


■  WIRELESS  ■  REGULATORY  AFFAIRS 


■  BellSouth  recently  rolled  out  a 
Gigabit  Ethernet  service  for  whole¬ 
sale  customers,  letting  companies 
connect  multiple  offices  in  BellSouth 
territory  with  high-speed  connec¬ 
tions.  Called  Native  Mode  LAN 
interconnection  Gigabit  Ether¬ 
net  Service,  the  offering  supports 
data,  video  and  multicast.  The  service 
is  available  at  speeds  of  1,000M  bit/ 
sec,  100M  bit/sec  and  10M  bit/sec. 

The  service  is  available  immediately. 
www.bellsouth.com 

■  Verizon  Wireless  and  Citrix 
Systems  recently  revealed  an 
agreement  designed  to  enhance 
mobile  applications  in  vertical  mar¬ 
kets,  such  as  government,  telecom, 
education,  financial  services,  health¬ 
care  and  manufacturing.  Citrix  and 
Verizon  jointly  will  market  services 
using  Citrix's  MetaFrame  software, 
which  enhances  wireless  application 
performance,  and  Verizon  Wireless's 
Express  Network. The  Citrix  software 
eliminates  the  need  to  download 
entire  applications  over  a  wireless 
network.  Only  keystrokes,  mouse 
clicks  and  screen  updates  are  trans¬ 
ferred  between  the  user's  wireless 
device  and  the  server,  consuming  as 
little  as  10K  bit/sec. 

■  Global  roaming  ISP  iPass  last 
week  expanded  the  reach  of  its  Wi-Fi 
wireless  LAN  service  network 
through  an  agreement  with  WiFi  pro¬ 
vider  StayOnline.  IPass  users  now 
can  connect  to  the  Internet  via  850 
802.11b  Wi-Fi  access  points  on  Stay- 
Online’s  network.  StayOnline  has 
agreements  with  18  hotel  chains,  in¬ 
cluding  Crowne  Plaza,  Embassy 
Suites,  Hilton  and  Sheraton.  The 
company  has  deployed  access  points 
that  let  travelers  connect  to  the 
Internet  and  corporate  networks  at 
up  11M  bit/sec.  IPass  has  deployed 
500  access  points  around  the  world 
on  its  network.  Through  partnerships 
such  as  the  one  with  StayOnline, 
iPass  global  roaming  users  can  con¬ 
nect  to  the  Internet  through  about 
4,000  access  points,  www.ipass.com; 
www.stayonline.net 


Qwest  looks  for  turnaround 

Emphasis  to  be  on  better  customer  service,  VoIP. 


■  BY  MICHAEL  MARTIN 

In  the  wake  of  a  CEO  resignation,  federal 
investigation  and  financial  restatements, 
Qwest  says  it’s  looking  to  turn  over  a  new 
leaf  this  year  by  improving  customer  ser¬ 
vice,  unifying  its  Layer  2  and  Layer  3  WAN 
offerings  and  getting  serious  about  voice 
over  IP 

While  there  have  been  signs  of  improve¬ 
ment,  the  carrier  still  has  questions  to 
answer,  according  to  industry  observers. 

“The  investment  banks  are  a  little  more 
optimistic  about  Qwest  and  the  stock  rat¬ 
ing  has  gone  up, ’’says  Lisa  Pierce, an  analyst 
with  Giga  Information  Group.  “But  what’s 
important  is  that  we  still  don’t  know  what 
Qwest  plans  to  concentrate  on.  What  lines 
of  business  and  what  kinds  of  services  will 
be  the  focus?” 

An  issue  Qwest  officials  won’t  have  to 


Gutting  back 


No  RBOC  cut  capital  expenditures 
last  year  as  drastically  as  Qwest. 

Capital  expenditures  (in  billions) 


SBC  Verizon  BellSouth  Qwest 

SOURCE:  COMPANY  REPORTS 

focus  on  quite  as  intensely  is  the  compa¬ 
ny’s  financial  situation.  Last  fall,  with  the 
carrier  teetering  on  bankruptcy  Qwest  sold 
its  directory  business  QwestDex  for  $7  bil- 


SLAs  drive  IP  VPN  selection 


Videoconferencing  provider  goes  with  C&W  offering. 


■  BY  DENISE  PAPPALARDO 

IP  videoconferencing  service  provider 
WireOne  is  looking  to  improve  the  reliabil¬ 
ity  of  its  offering  by  migrating  its  network  to 
Cable  &  Wireless’  IP  VPN  QoS. 

WireOne  originally  outsourced  its  net¬ 
work  to  Exodus,  but  concerns  about  net¬ 
work  performance  caused  it  to  pull  out  of 
that  service  provider’s  data  centers  after 
Exodus  filed  for  bankruptcy  says  Mike 
Brandofino,  CTO  and  executive  vice  presi¬ 
dent  at  WireOne. 

“We  migrated  to  our  own  network  infra¬ 
structure  so  we  could  control  perfor¬ 
mance,”  he  says.  “But  we’re  not  a  network 
company;  we’re  a  video  services  company? 

WireOne  does  not  want  to  manage  its 
own  network,  but  says  it  didn’t  have  a 
choice  because  carriers  were  not  offering 
quality-of-service  guarantees  that  were  up 
to  par.  WireOne  offers  a  managed  point-to- 
point  videoconference  service  called 
Glowpoint  to  businesses  worldwide. 

The  videoconference  service  provider 
has  migrated  five  of  its  13  collocation  facil¬ 
ities  to  C&W’s  managed  IPVPN  QoS  service 
because  the  carrier  is  guaranteeing  mini¬ 
mal  levels  of  jitter,  packet  loss  and  delay, 
Brandofino  says. 

The  five  sites  that  are  connected  to  C&W’s 


VPN  service  are  in  Tokyo;  London;  Denver; 
Segundo,  Calif.;  and  Weehawken,  N.J. 

While  many  service  providers  guarantee 
minimal  levels  of  packet  loss  and  delay  far 
fewer  include  a  metric  for  jitter  with  a  stan¬ 
dard  service-level  agreement.“Jitter  directly 
affects  the  quality  of  a  video  call  and 
there’s  no  fixing  it  once  it  happens,”  Bran¬ 
dofino  says. To  offer  a  high-quality  service, 
it  is  essential  to  keep  jitter  low,  he  says. 

C&W’s  standard  SLA  guarantees  jitter  will 
not  exceed  15  millisecond.  The  carrier’s 
minimal  packet  loss  and  latency  metrics 
vary  greatly  depending  on  class  of  service 
and  geographic  regions. 

WireOne  plans  to  migrate  additional  sites 
to  the  VPN  service,  but  it’s  currently  riding 
out  contracts  it  has  with  other  service 
providers  for  dedicated  T-3  lines  from  when 
it  built  its  own  network. 

C&W  also  plans  to  resell  WireOne’s 
Glowpoint  services  to  its  customers.  ■ 


More  online! 

Read  a  white  paper  from 
WireOne  about  how 
Glowpoint  works. 

DocFinder:  4335 


lion,  buying  the  company  time  to  get  its 
finances  in  order. 

“I  know  the  world  thought  we  were  going 
to  go  bankrupt  last  summer,”  says  Teresa 
Taylor,  executive  vice  president  of  Qwest 
product  management  and  pricing.“One  of 
our  biggest  issues  with  business  customers 
is  to  convince  them  that  we’re  still  here  and 
we’re  not  going  anywhere.” 

Another  ray  of  light  for  Qwest  is  its  effort 
to  win  long-distance  approval  in  14 
Western  states.  After  several  delays,  Qwest 
finally  won  regulatory  approval  in  nine 
states  in  December. 

However,  Qwest  still  is  carrying  more 
than  $22  billion  in  debt  and  reported  a 
net  loss  of  $214  million  in  its  quarter  end¬ 
ing  Sept.  30. 

One  tactic  Qwest  has  used  to  try  to  create 
stability  is  cost-cutting.  The  company 
reduced  its  workforce  by  about  9,000  last 
year.  It  also  sliced  its  capital  expenditures 
by  more  than  60%  from  2001  (see  chart). 

Qwest’s  financial  problems  were  a  source 
of  concern  for  John  Brademeyer,  IT  man¬ 
ager  for  SEI  Information  Technology  a  help 
desk  firm  in  Fargo,  N.D.  SEI  uses  Qwest  for 
local  phone  service  in  its  two  North  Dakota 
offices  and  an  office  in  Indiana.  SEI  also 
uses  Qwest  for  Internet  access  in  all  three 
offices  and  for  professional  services. 

“The  thing  I  keep  in  mind  is  they  have  a 
cash  cow  in  their  local  phone  service 
operation,”  Brademeyer  says.  And,  he  says, 
Qwest  still  is  in  better  financial  shape  than 
WorldCom,  the  company  Brademeyer  uses 
to  provide  Internet  redundancy  for  his  two 
North  Dakota  offices. 

Despite  the  cost-cutting,  Taylor  says 
Qwest  still  is  striving  to  improve  customer 
service. 

“When  US  West  and  Qwest  merged  we 
were  more  focused  on  the  technology  and 
didn’t  spend  as  much  time  looking  at  how 
we  served  customers,”  she  says.  “Last  year 
we  made  a  lot  of  back-office  investment  to 
improve  billing,  provisioning  and  service.” 

Pierce  says  it  will  take  time  for  Qwest  to 
iron  out  its -customer  service  problems. 

Qwest’s  original  focus  under  former  CEO 
Joe  Nacchio  was  IPWhen  Nacchio  realized 
Qwest  couldn’t  survive  on  IP  alone,  the  car¬ 
rier  began  offering  traditional  services 
such  as  frame  relay,  but  Qwest  didn’t  sup¬ 
port  those  services  well,  Pierce  says. 

“A  few  of  those  problems  will  set  you 
back  a  long  time  once  word  gets  out,” 
See  Qwest,  page  28 


28 

NetworkWorld 

_ 02/17/03 

!  Service  Providers 

www.nwfusion.com 

Qwest 

continued  from  page  27 
she  says. 

Qwest’s  main  business  services  focus  this 
year  will  be  merging  the  company’s  various 
WAN  offerings, Taylor  says. 

“We’re  taking  our  frame,  ATM,  VPN  and 
dedicated  Internet  access  networks  and 
pulling  them  together  technically  and  from 
a  service  perspective,”  she  says. 

Qwest  this  year  hopes  to  take  the  first 
steps  along  that  path  by  getting  Layer  2  and 
Layer  3  services  to  talk  to  one  another,  so  a 
customer  could  have  a  multilocation  net¬ 
work  with  both  frame  and  IP  VPN  users 
communicating  with  each  another. 

“Some  day  we’d  like  to  have  all  that  traffic 
flowing  over  one  backbone,  but  we’re  not 
there  yet,”  Taylor  says. 

A  unified  backbone,  which  could  be 
based  on  Multi-protocol  Label  Switching, 
or  another  technology,  is  probably  still  at 
least  two  years  away,  she  says. 

Qwest’s  other  big  technology  initiative 
this  year  will  be  moving  forward  on  VoIP 
Qwest  already  sets  up  customized  private 
VoIP  networks  for  business  customers  and 
offers  integrated  voice/data  T-l  access  for 
smaller  clients.  But  the  company  is  looking 


for  other  ways  to  use  VoIP  in  its  network. 

“There  are  endless  opportunities  there,” 
Taylor  says.“It  could  be  a  big  cost  reduction 
for  us  as  we  begin  to  change  out  parts  of 
our  network.” 

Taylor  says  that  once  Qwest  completes  its 
five  remaining  long-distance  approvals,  the 
company  could  have  a  leg  up  on  the  other 
three  regional  Bell  operating  companies 
because  it  already  has  25  out-of-region 
metropolitan  networks  in  addition  to  its 
long-haul  network. 

However,  Pierce  notes  that  Qwest’s  na¬ 
tional  network  doesn’t  come  close  to  com¬ 
paring  with  those  of  the  pure  interex¬ 
change  carriers.“One  of  Qwest’s  weakness¬ 
es  is  you  need  a  widely  deployed  national 
network  if  you  want  to  go  against  Sprint, 
WorldCom  and  AT&T,”  she  says. “Outside  its 
home  territory,  Qwest  doesn’t  hit  as  many 
cities  as  the  others." 

Ultimately,  Qwest  will  have  to  compete  in 
the  enterprise  market  by  being  aggressive 
on  pricing,  Pierce  says. 

“They  don’t  have  to  give  stuff  awa>f  she 
says.  “But  because  they  have  to  get  their 
foot  back  in  the  door  in  many  cases, 
because  of  the  financial  situation  and  the 
government  investigations,  they  will  have 
to  be  price-competitive."® 


Blame  the  Sprint  board,  not  Esrey  and  LeMay 


You  might  remember  my  column  a 
few  months  back  excoriating  the 
handful  of  unethical  individuals  at 
the  helm  of  WorldCom  for  tarnishing  the 
reputations  of  the  many  talented,  hard¬ 


working  and  honest  folks  in  their  ranks. 

Now  it  looks  as  though  Sprint  employees 
are  living  the  same  nightmare.  Sprint  CEO 
William  Esrey  and  President  Ronald 
LeMay  are  being  asked  to  step  down 
amidst  charges  they  used  questionable 
tax  shelters  to  protect  their  personal 
incomes,  according  to  published  reports. 

Deja  vu?  Not  quite.  Although  it  seems 
superficially  similar,  Sprint’s  case  is  noth¬ 
ing  like  what  happened  at  WorldCom. 

A  year  ago  I  almost  went  on  record  pre¬ 
dicting  that  Sprint’s  management  never 
would  be  guilty  of  unethical  behavior. 
Now  1  wish  1  had,  and  not  because  I  enjoy 
looking  foolish  in  public  or  that  I’m  100% 
certain  that  neither  man  made  a  mistake. 
Why?  It’s  not  Sprint’s  management  that’s 
primarily  at  fault  here.  It’s  the  company’s 
board  of  directors  that’s  at  fault. 

Here’s  what  reportedly  happened.  Con¬ 
sulting  organizations  such  as  Ernst  & 
Young  and  KPMG  charged  Sprint  and  the 
executives  millions  of  dollars  for  tax  ad¬ 
vice,  which  turned  out  to  be  questionable 
in  the  eyes  of  the  IRS.  Years  ago,  Sprint’s 
board  signed  off  on  the  use  of  these  con¬ 
sultants,  both  for  corporate  auditing  and 
for  Esrey’s  and  LeMay’s  private  use. 

But  here’s  the  kicker:  Sprint’s  board  did 
more  than  sign  off.  It  required  Esrey  and 
LeMay  to  use  these  consulting  firms  for 
their  personal  finances,  according  to  pub¬ 
lished  reports. 

Are  you  with  me?  The  board  reportedly 
set  up  the  whole  thing,  forced  manage¬ 
ment  to  go  along  —  and  then  fired  them 
as  scapegoats. 

If  the  published  reports  are  accurate, 
there’s  only  one  word  for  behavior  like 


this:  craven.  Corporate  boards  are  sup¬ 
posed  to  provide  dispassionate  oversight 
and  guidance.  They’re  not  supposed  to 
essentially  force  their  own  management 
teams  to  break  rules,  then  toss  the  man¬ 
agers  overboard  when  they  do. 

Sure,  Esrey  and  LeMay  might  not  be 
blameless.  But  the  worst  thing  you  can  say 
about  them  is  that  they  considered  the 
facts, alerted  the  higher-ups, and  ended  up 
making  the  wrong  judgment  call.  The 
higher-ups,  on  the  other  hand,  completely 
botched  their  handling  of  the  event.  I 
think  responsibility  accrues  to  authority. 
The  higher  you  are  in  the  food  chain,  the 
more  responsible  you  are  —  and  the 
board  is  at  the  very  top. 

For  Sprint  employees,  shareholders  and 
customers,  this  all  might  appear  some¬ 
what  moot.  However,  the  net  effect  of  this 
corporate  turmoil  is  plummeting  stock 
prices  and  perhaps  lowered  customer  ser¬ 
vice  —  regardless  of  who’s  at  fault. 

But  the  truth  matters.  Sprint  sharehold¬ 
ers  and  employees  should  hold  the  board 
accountable  for  its  boneheaded  deci¬ 
sions.  These  people  are  clearly  buffoons 
who  can’t,  and  shouldn’t,  be  trusted  at  the 
helm  of  a  large  corporation. Write  to  them 
and  say  so. 

It’s  not  going  to  happen,  but  I’d  like  to  see 
the  board  provide  a  formal  apology  to 
Esrey  and  LeMay  —  and  to  Sprint's 
employees  and  shareholders,  too,  while 
they’re  at  it. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research ,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 
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Introducing  the  iSorflanus™  Family  of  Multi-Homed  WAN  Gateways 
for  your  Business  Continuity! 

Enables  you  to  combine  up  to  3  WAN  lines  (T1 ,  Frame  Relay,  DSL,  cable  and 
wireless)  via  high  speed  Ethernet  ports  connected  to  the  same  or  different  ISPs  to  give 
your  network  automatic  WAN  backup,  fail-over  and  recovery,  secured  with  firewall 
and  VPN.  With  its  built-in  dynamic  WAN  load  balancing,  you  also  get  the  extra 
benefit  of  expanded  bandwidth. 


With  Amplify. net's  /SurfJanus,  WAN  redundancy  is 
literally  a  "No  Brainer"  decision  for  you! 


•  "No  Brainer"  Price 

•  "No  Brainer"  Installation 

•  "No  Brainer"  Interoperability 

•  '  No  Brainer"  ROI 


Soy  goodbye  to  slow  and  expensive  ISDN  or  analog  backup  today 
and  give  your  WAN  the  redundancy  it  deserves! 


For  more  information 
and  to  receive  our  whitepaper, 
cal'  Amplify.net  at  (510)  360-6070, 
or  e  mail  info@amplifynet.com. 
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3Com  Corporation 
3Com  XRN  Technology 
(800)  NET-3Com 

www.3com.com 

3Com  managed  Gigabit  switches  with 
XRN  (expandable  Resilient  Networking) 
technology  offer  an  innovative  way  to  build 
enterprise  LAN  cores.  This  new  technology 
increases  network  resiliency  and  availability 
while  providing  you  with  affordable,  step- 
by-step  growth.  3Com  Gigabit  switches  with 
XRN  technology  help  you  drive  productivity 
and  collaboration  across  your  organization. 


ADTRAN 
NetVanta  3305 

(800)  9ADTRAN  or  (256)  963-8000 

www.adtran.com 

The  NetVanta  3305  is  a  cost-effective 
access  router  that  allows  for  cost-effective 
Internet  access  and  corporate  frame 
relay  connectivity  from  a  single  platform. 

It  features  dual  network  interface  slots  for 
higher  bandwidth  needs  ranging  from  56K  to 
dualTls  and  dual  auto-sensing  10/IOOBaseT 
Ethernet  LAN  ports  for  DMZ  applications  or 
true  LAN  segmentation. 
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Amplify.net,  Inc. 

(510)  656-1680 

www.amplifynet.com 

Amplify.net,  Inc.,  a  leader  in  solutions  that 
amplify  the  security,  resiliency,  capacity 
and  quality  of  IP  networks,  offers  a  com¬ 
plete  line  of  advanced  Multi-Homed  WAN 
Gateways  for  small  to  mid-sized  enterprises 
and  branch  offices.  The  iSurf Janus  Product 
Family  integrates  advanced  broadband 
WAN  backup  and  dynamic  load  balancing 
with  optional  firewall  and  VPN. 


Avocent  Corporation 

AutoView  1000R/2000R 
(256)  430-4000 

www.avocent.com 

Avocent’s  new  AutoViewlOOOR  and  2000R 
combine  analog  and  digital  KVM  OVER 
IP™  switching  technology  all  in  one  switch 
for  total  control  of  any  server.  AVWorks 
software  is  bundled  with  each  switch  at 
no  extra  charge,  providing  customers  with 
an  intuitive  interface  for  secure  click  and 
connect  access  to  any  server. 


NETWORK 

INSTRUMENTS 


Network  Instruments,  LLC 
Observer® 

(952)  932-9899 

www.networkinstruments.com 

Network  Instruments,  LLC,  is  a  leading 
developer  of  network  management,  trou¬ 
bleshooting  and  analysis  tools,  including 
protocol  analyzers  that  support  speeds 
from  10MB  to  gigabit,  wireless  analysis 
tools,  SNMP/RMON  management  consoles, 
and  WAN  analyzers/Probes  that  monitor 
the  health  of,  and  troubleshoot  problems 
with,  computer  networks. 


CyberGuard  Corporation 
(954)  958-3878 

www.cyberguard.com 

CyberGuard’s  high-security,  high-perform¬ 
ance,  easy-to-manage  firewall/VPN 
appliances  are  designed  for  everything 
from  small  business  to  multi-gigabit  envi¬ 
ronments.  Common  Criteria  EAL4+,  ICSA 
and  ITSEC  E3  certified,  the  appliances  use 
multilevel  security  to  treat  each  layer  of  the 
hardened  OS  discretely,  separating  network 
from  system  levels  to  provide  a  virtually 
impenetrable  firewall  environment. 


Cyclades  Corporation 

AlterPath™  ACS 
(888)  CYCLADES 

www.cyclades.com 

Cyclades,  a  data  center  fault  management 
company,  enables  remote  management  of 
servers,  network  equipment  and  automation 
devices.  Its  products  help  data  center  man¬ 
agers  at  enterprise,  telecommunication  and 
Internet  companies  to  maximize  network 
and  server  availability.  Cyclades  offers  scal¬ 
able  products  leveraging  Linux  technology 
for  flexibility,  ease  of  customization,  securi¬ 
ty  and  innovation. 


It  efforts  have  been  made  to  make  this  listing  as  complete  and  accui 
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Network  Storage  University 
Storage  Management  North  American 
12  City  Seminar  Series 
(866)  575-8232 

www.networkstorageu.com 

Network  Storage  University  is  an  organiza¬ 
tion  of  industry  professionals  developed  to 
aid  the  IT  community  in  keeping  up  with  the 
ever-changing  storage  lanscape.  Our  semi¬ 
nars  cover  topics  such  as  IP  Storage,  SAN, 
NAS,  and  Disaster  Recovery.  We  use  real 
world,  working  solutions  as  examples  and 
show  infrastructures,  architectures  and  plan¬ 
ning  processes  involved  in  these  systems. 


Global  Technology  Associates,  Inc. 
(800)  775-4482 

www.gta.com 

GB-1000  Firewall/VPN  Appliance,  using 
ICSA  4.0  corporate  certified  GNAT  Box 
system  software,  offers  unlimited  user 
licenses,  transparent  NAT,  built-in  iPSec 
VPN,  four  10/100  Ethernet  interfaces,  DCHP 
server,  DNS  server,  secure  remote  manage¬ 
ment  and  content  filtering  in  a  1RU  case. 
High  Availability,  gigabyte  Ethernet  and 
additional  interfaces  are  optional. 


Digital  V6 
(905)  513-3107 

www.digitalv6.com 

Digital  V6  Corp.  specializes  in  developing 
innovative  remote  network  management 
hardware  and  software  solutions.  Digital  V6 
was  the  first  to  introduce  an  over  IP  KVM 
device  with  autpmatic  server  monitoring, 
notification  and  remote  power  control, 
known  as  the  Kaveman.  Available  in  single 
and  eight  channel  versions,  Kaveman  gives 
network  administrators  complete  remote 
control  of  servers  via  a  web  browser,  down 
to  the  BIOS  level. 
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NETWORKS 


Enterasys  Networks 

Business-Driven  Networks ™  for  Enterprise-Class 
Customers 

(603)  332-9400 

www.enterasys.com 

As  a  global  technology  leader  with  more 
than  15  years  of  experience  and  over  700 
patents,  Enterasys  Networks  provides 
Business-Driven  Networks™  to  the  world’s 
most  successful  enterprises.  Leveraging 
one  of  the  industry's  broadest  and  deepest 
product  portfolios — plus  a  full  range  of 
service  offerings — Enterasys  is  uniquely 
qualified  to  optimize  the  Security,  Produc¬ 
tivity  and  Agility  required  for  today's  Global 
2000  organizations. 


Rose  Electronics 
RackView 

(800)  333-9343  or  (281)  933-7673 

www.rose.com 

The  RackView  Advantage...  The  RackView 
offers  the  latest,  most  efficient  way  to  con¬ 
trol  server  rooms  or  multiple  computers  and 
reduce  rack  space  consumption.  RackView 
is  a  1U  or  2U  rack  mountable  KVM  console 
drawer  with  optional  built-in  KVM  switch. 
This  easy-glide,  KVM  console  drawer  con¬ 
tains  an  LCD  video  monitor,  PS/2  tactile 
keyboard  and  high  resolution  trackball. 


NetSupport,  Inc. 

NetSupport  Manager  8.0 
(888)  665-0808 

www.netsupport-inc.com 

NetSupport  Manager  8.0  performs  remote 
support  and  management  on  multiple  sys¬ 
tems  simultaneously  over  a  LAN,  WAN  and 
the  Internet  with  this  powerful  PC  remote 
control  software.  NetSupport  Manager 
provides  speedy,  secure  remote  PC  access, 
dynamic  inventory,  automated  scripting  and 
scheduling,  file  transfer,  remote  deployment, 
system  monitoring,  help  requests  and  much 
more.  Use  NetSupport  Manager  to  manage 
help  desk  support,  mobile  computing,  desk¬ 
top  management,  software  training  and 
system  automation.  Installed  in  millions  of 
desktops  worldwide. 


All  efforts  have  been  made  to  make  this  listing  as  complete  and  accui 
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FOR  TYING  TELEWORKERS  TO  THE  ENTERPRISE 


Telework  in  corporate  America 

Wonder  what  the  other  guys  are  doing?  Take  a  peek  inside  10  firms’  remote  work  programs. 


Telework  snapshot 

A  down  economy  isn’t  keeping  firms  from  promoting  telework.  The 
savvy  ones  are  using  it  to  cut  costs  and  gain  a  competitive  edge. 


Company 

Employees 

What's  new 

AT&T 

25,000  teleworkers; 
5,000  remote  workers 

Firm  is  moving  hundreds  of  teleworkers  into  virtual  offices 
as  a  way  of  reducing  costs  and  increasing  output 

Baxter  BioScience  clinical 
research  department 

35  teleworkers,  12 
remote  workers 

Number  has  increased  25%  in  December  2002,  when  firm 
moved  corporate  office. 

Cigna 

3,100  teleworkers 

Added  1,100  new  teleworkers  in  2001.  Plans  to  increase 
the  number  to  5,000  by  year-end;  goal  is  15%  annually. 

Eli  Lilly  and  Company 

90  formal  teleworkers, 
14,000  informal 

Number  has  increased  30%  from  last  year. 

HP 

10%  to  50%  telework 

No  changes;  mature  program. 

LexisNexis 

2,600  teleworkers 

Program  continues  to  grow,  but  more  slowly  than  its 
inception  eight  years  ago. 

Lockheed  Martin  rr 

About  350  teleworkers 

Firm’s  attitude.  LMIT  found  telework  can  be  managed 
and  increase  productivity  —  in  the  right  setting. 

NASCO 

About  60  teleworkers, 
40  remote  workers 

The  program,  which  was  launched  in  October  2002. 

Nortel 

13,000  teleworkers 

Number  has  decreased  only  7%  between  2000  and  2001, 
despite  massive  employee  layoffs. 

■  BY  TONI  KISTNER  AND  JEFF  ZBAR 

How  does  telework  play  in  your  com¬ 
pany?  Is  working  away  from  the  office 
widely  embraced,  tolerated  or  frowned 
upon?  The  bigger  question:  Is  telework 
saving  your  firm  any  money  —  in  facili¬ 
ties  costs,  increased  productivity,  or  in  em¬ 
ployee  recruitment,  retention  and  train¬ 
ing?  To  find  out,  we  interviewed  execu¬ 
tives  at  more  than  a  dozen  companies 
about  their  programs.  The  results  were 
surprising. 

Today’s  telework  takes  many  forms.  There 
are  formal  programs  dictated  by  corporate 
management  to  cut  costs;  grass-roots  pro¬ 
grams  created  to  meet  employee  needs  or 
demands;  and  occasional  or  informal  tele¬ 
work  —  employees  work  at  home  after- 
hours,  on  a  snow  day  or  when  a  manager 
says  it’s  OK.  Most  firms  with  teleworkers  also 
have  full-time  remote  (or  virtual)  employ¬ 
ees,  often  living  in  another  state. 

Schering-Plough,  with  30,000  worldwide 
employees,  has  a  program  in  its  clinical 
research  division.  Forty  percent  of  its  500 
staffers  telework  formally  two  or  three  days 
per  week  or  work  remotely  The  company 
doesn’t  account  for  occasional  teleworkers. 
“1  have  no  idea  how  many  there  are,  but  I’d 
imagine  the  numbers  are  quite  high,”  says 
project  manager  Gail  Smith. 


■  A  new  survey  debunks  a  commonly 
held  belief:  The  University  of  Mary¬ 
land’s  Robert  H.  Smith  School  of 
Business  found  U.S.  workers  with 
Internet  access  at  home  and  at  work 
spend  more  time  at  home  surfing  the 
Web  for  work  than  they  do  surfing  the 
Web  at  work  for  personal  reasons. 

The  school's  2002  National  Technology 
Readiness  Survey  found  workers 
spend  5.9  hours  per  week  at  home 
online  for  work,  and  only  3.7  hours  at 
work  online  for  personal  business. 
Conducted  last  December,  the  phone 
survey  was  based  on  results  from  501 
respondents,  www.rhsmith.umd.edu/ 
pr/news-ntrs2002.htm 


Similarly  HP  which  has  offered  telework 
and  other  flexible  work  arrangements 
since  1990,  says  it  doesn’t  “centrally  track 
the  use  of  work/life  options.”  However,  it 
estimates  that  between  10%  and  50%  of  its 
workforce  teleworks  one  day  per  week  or 
on  an  ad  hoc  basis. 

While  there’s  nothing  wrong  with  not 
tracking  informal  telework,  it  might  prevent 
companies  from  optimizing  cost  savings. 

Telework  newcomer  NASCO,  an  Atlanta 
national  account  services  company, 
launched  a  small  program  in  October  2002 
with  60  project  managers  working  one  day 
per  week  from  home.  While  NASCO  lauds 
the  increased  productivity  and  employee 
morale,  it  doesn’t  expect  to  save  money 

“We  did  a  cost-benefits  analysis,  looking 
at  everything  from  the  cost  of  computer 
equipment  to  coffee,  lighting,  cubicles,  you 
name  it,” says  Mira  Moss, NASCO’s  vice  pres¬ 
ident  of  human  resources.  “Once  em¬ 
ployees  are  working  three  days  a  week  at 
home,  we  could  recoup  some  office  space. 
But  it’s  one  thing  to  say  you  can  get  rid  of 
these  cubes,  another  to  look  at  the  busi¬ 
ness  that’s  contracted  for. We  have  a  10-year 
lease.  So  even  if  we  got  rid  of  them,  we’re 
still  going  to  pay  With  telework,  the  only 
thing  we’re  saving  on  is  the  occasional  cup 
of  coffee.” 

Schering-Plough  saves  on  office  space  but 
receives  no  direct  cost  savings,  because  the 
company  owns  its  facility  But  telework  will 
keep  the  firm  from  having  to  lease  addi¬ 
tional  space  as  it  grows,  Smith  says. 

Across  the  gulf,  AT&T,  IBM,  Morgan  Stan¬ 
ley,  Sun  and  others  are  realizing  huge  facil¬ 
ities  cost  savings  from  telework.  While  most 
won’t  share  specifics, Sun  says  it  saves  $150 
million  per  year.  Industry  sources  say 
KPMG  saves  $66  million  and  Ernst  and 
Young  well  over  $100  million. 

AT&T’s  program  is  one  of  the  oldest,  larg¬ 
est  and  most  successful.  Last  year,  it  began 
a  big  push  to  “virtual  officing,”  sending  400 
middle  managers  home  for  good,  as  a  way 
to  reduce  costs,  increase  output,  and  im¬ 
prove  job  and  career  satisfaction,  says  Joe 
Roitz,  AT&T’s  telework  director.  To  ease  the 
process,  the  firm  added  a  virtual  office 
piece  to  its  intranet,  so  workers  and  man¬ 
agers  could  handle  the  process  them¬ 
selves.  Rather  than  set  up  a  freestanding 
virtual  office  portal,  AT&T  links  workers  to 
the  relevant  departments  such  as  IT,  facili¬ 
ties  and  purchasing,  to  get  set  up. 

“We’re  creating  a  business  benefit  and 


Schering-Plough  clinical  130  teleworkers,  70 

research  division  remote  workers 

structuring  the  enterprise  for  the  knowl¬ 
edge  economy  which  means  arranging  it 
around  networks,  not  buildings,”  Roitz  says. 

Cigna,  which  employs  38,000  people, 
saves  $3,000  per  year  per  employee  in 
office  space,  and  reports  a  30%  decrease  in 
turnover  and  15%  increase  in  productivity 
among  teleworkers.  Such  numbers  are  dri¬ 
ving  the  health  insurance  company  to  in¬ 
crease  its  teleworkers  by  15%  annually 
Nortel  and  Merrill  Lynch  continue  to  pro¬ 
mote  telework,  despite  grim  downsizing. 
Nortel  says  it’s  laid  off  only  7%  of  its  13,000 
teleworkers  between  2000  and  2001,  com¬ 
pared  with  the  tens  of  thousands  of  em¬ 
ployees  fired  in  the  same  period. 

Baxter  BioScience  and  Lockheed  Martin 
Information  Technology  (LMIT)  —  and 
NASCO  —  each  reported  management  re¬ 
sistance  to  telework.  Baxter,  which  has  no 
formal  program,  increased  its  number  of 
teleworkers  by  25%  in  December  2002, 
when  the  company  relocated  several  hun¬ 
dred  employees  to  a  new  facility  30  miles 
away,  increasing  the  commute  for  many 
“At  the  time,  our  [HR]  department  was 
supportive.  But  now  I  hear  they’re  trying  to 
restrict  the  number  of  people  teleworking,” 


Added  25  teleworkers  in  2002.  Instituted  a  waiting  list 


says  Dominique  Endicott,  senior  manager 
of  clinical  data  management.  “For  now, 
managers  are  implementing  telework  into 
our  groups  until  we’re  told  to  stop," she  says. 

In  contrast,  LMIT  met  management  resis¬ 
tance  by  creating  a  structured  program. 
The  firm,  which  provides  IT  consulting  for 
the  military  was  urged  by  employees  to  in¬ 
stitute  a  telework  program  in  1997. 

“We  faced  traditional  thoughts  about 
how  employees  wouldn’t  be  as  effective 
[out  of  the  office]”  says  Joe  Wagovich, 
director  of  communications.  In  response, 
LMIT  implemented  stringent  policies  on 
eligibility,  as  well  as  guidelines  for  how 
often  teleworkers  would  check  e-mail  and 
call  the  main  office  for  messages.  Although 
most  LMIT  consultants’ jobs  aren’t  suited  to 
telework,  the  company  supports  those  that 
are  with  equipment  such  as  notebook  PCs 
and  cable  modems. 

“We  know  there  needs  to  be  a  balance 
between  home  and  work  life. “It  took  us  a 
while  to  understand  the  culture,  to  learn 
telework  can  be  managed  and  increase 
productivity  —  in  the  right  setting,”  he  says. 
“People  have  come  over  and  said,  yeah, 
telecommuting  isn’t  so  bad."  ■ 
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Sandstorm  Enterprises,  Inc. 
Netlntercept 
(617)  426-5056 
www.sandstorm.net 

Netl intercept's  Rapid  Event  Analysis  helps 
information  security  professionals  cope  with 
a  barrage  of  firewall  and  IDS  alerts.  Easy  to 
use  and  quick  to  deploy,  Netlntercept  yields 
maximum  ROI  in  a  security  appliance. 
Security  Analysts  are  using  Netlntercept® 
to  investigate  critical  alerts,  recover  from 
attacks  and  quickly  resolve  network 
security  events.  Demo  how  Netlntercept’s 
robust  new  features  improve  security 
threat  investigation  and  resolution  at 
www.netintercept.com. 


VBrlck  Systems 

StreamPlayer 
(203)  265-0044 
www.VBrick.com 

StreamPlayer  software  provides  organiza¬ 
tions  with  the  ability  to  stream  real-time 
and  stored  events,  with  DVD  quality,  to  the 
desktop  in  order  to  train  employees  and 
distribute  live  news.  Used  by  corporations, 
schools,  and  government  agencies,  Stream¬ 
Player  helps  organizations  increase  produc¬ 
tivity,  enhance  learning  and  improve  securi¬ 
ty  and  monitoring  systems. 
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Server  Technology,  Inc. 

Sentry  Power  Tower  XL 
(775)  284-2000 

www.servertech.com 

Server  Technology’s  Sentry™  products 
provide  the  network  manager  with  Solu¬ 
tions  for  the  Data  Center  Equipment 
Cabinet™.  Sentry  products  eliminate 
unnecessary  trips  to  remote  data  centers, 
POP  sties  and  co-lo  facilities  by  combining 
intelligent  power  distribution,  remote  reboot 
management,  power  measurement  and 
environmental  monitoring.  Reboot  remote 
servers  and  networking  equipment  units  via 
Web  interface  or  integrate  with  your  NMS 
via  SNMP.  Only  Server  Technology's  Sentry 
products  combine  on-site  and  remote 
Current  Input  Monitor,  Power-up  Sequencing 
and  Remote  Power  Management  in  a  single 
solution  for  complete  remote  management 
of  a  lights-out  data  center.  The  new  Sentry 
PowerTower  solution  reboots  up  to  16  dual¬ 
power  supply  remote  servers  —  either  in  a 
vertical  (zero  U  of  rack  space)  or  horizontal 
rack-mount  form  factor.  Additionally,  The 
Sentry  Any-to-Any  Switch  provides  console 
port  management  of  remote  serial  devices 
and  can  be  embedded  in  a  Sentry  Power 
Manager.  Sentry's  security  features  include 
Secure  Proxy,  MD5,TACACS+  and  SecurlD. 


;  All  efforts  have  been  made  to  make  this  listing  as  complete  and  accu 
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Winternals 
Defrag  Manager 
(512)  330-9130 

www.winternals.com 

Winternals  Software  is  an  Austin,  Texas- 
based  provider  of  enterprise  management 
tools  focused  on  recovery,  performance, 
and  security  for  Microsoft-based  enterpris¬ 
es.  Established  in  1996,  Winternals  delivers 
scalable,  reliable,  managaeable  solutions 
that  empower  IT  organizations  to  realize  the 
greatest  potential  return  on  their  Microsoft 
infrastructure. 


WRC^NET 

\  800-699-9722 


Worldwide  Provider  of  Network  Hardware  since  1981 


WRCA.Net 
(800)  699-9722  x102 

www.wrca.net 

For  over  20  years,  WRCA.Net  (WR  Consul¬ 
tant  Associates,  Inc.)  has  provided  used, 
refurbished,  and  new  network  products 
worldwide.  Products  include  30+  leading 
manufactures,  old  and  new.  Cisco,  . 
Livingston,  Ascend,  USR/3Com/Commworks, 
Adtran,  Kentrox  and  Motorola  are  just  a 
few  of  the  brands  we  can  supply.  Technical 
support  and  service  contracts  available. 
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SHAPING  YOUR  NETWORK 


IFCP  melds  Fibre  Channel  and  IP 


HOW  IT  WORKS 


Internet  Fibre  Channel  Protocol 

With  iFCP,  the  IP  network  is  transparent  to  the  two  Fibre 
Channel  (FC)  RAIDS  in  Chicago  and  New  York. 


Chicago 

FC  fabric  1 

O  FC  server 


New  York 


FC  fabric  2 


FC  switch 


FC  switch _ _ 
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Q  iFCP  gateway 


FC  fabric  3 

FC  server 
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A  Fibre  Channel 
server  writes 
data  to  a  RAID 
in  Chicago. 
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RepTicatkxi  software  on  the  RAID  A  switch  failure  in  one  ofthe  Fibre  Channel 
sends  a  copy  to  another  disk  in  fabrics  in  New  York  brings  down  that 
portion  of  the  network.  However,  the  iFCP 
gateway  isolates  the  fault  and  the 
replication  operations  aren’t  affected. 


New  York  for  disaster  recovery. 
The  iFCP  gateway  translates  the 
Ffore  Channel  traffic  to  IR 


The  iFCP  gateway  in  New  York 
translates  the  IP  storage  traffic 
back  to  Fibre  Channel  and  sends 
it  to  the  local  RAID,  successfully 
completing  the  data  replication. 


■  BY  PRASAD  PAMMIDIMUKKALA 

internet  Fibre  Channel  Protocol  is  a 
standard  for  running  Fibre  Channel  traffic 
over  a  TCP/IP  network.  Acting  as  a  gate¬ 
way,  iFCP  lets  you  link  Fibre  Channel 
RAID  arrays,  switches  and  servers  to  IP 
storage  networks  while  preserving  infra¬ 
structure  investments. 

IFCP  works  by  wrapping  Fibre  Channel 
data  in  IP  packets  and  mapping  IP 
addresses  to  individual  Fibre  Channel 
devices.  Each  Fibre  Channel  device  has  its 
own  identity  in  the  IP  network  so  it  can 
individually  send  storage  traffic  to,  and 
receive  storage  traffic  from,  other  nodes  in 
the  IP  network.  By  terminating  the  Fibre 
Channel  signaling  at  the  iFCP  gateway 
and  carrying  the  storage  traffic  over  IP 
networks,  iFCP  breaks  the  distance  barrier 
of  traditional  Fibre  Channel  networks, 
which  can  extend  only  6.2  miles. 

IFCP  differs  from  another  proposed  Inter¬ 
net  Engineering  Task  Force  draft  standard, 
Fibre  Channel  over  IP  (FCIP).  FCIP  is  a  sim¬ 
ple  tunneling  protocol  that  interconnects 
two  Fibre  Channel  fabrics  to  form  one 
large  fabric.  As  such,  FCIP  is  analogous  to 
the  bridging  approach  for  extending  Layer 
2  networks  and  doesn’t  offer  the  fault-isola¬ 
tion  capabilities  of  iFCP 

When  internetworking  Fibre  Channel 
fabrics,  each  iFCP  gateway  domain  oper¬ 
ates  as  an  autonomous  system  whose  con¬ 
figuration  is  invisible  to  the  IP  network  and 
other  iFCP  gateway  domains.  While  storage 
traffic  between  two  nodes  in  an  iFCP  gate¬ 
way  is  switched  or  routed  using  native 
Fibre  Channel,  traffic  that  spans  multiple 
iFCP  gateways  is  encapsulated  into  iFCP 
and  then  mapped  to  an  IP  addresses  so 


that  it  can  be  switched  and  routed  through 
the  IP  network. 

Each  pair  of  Fibre  Channel  nodes  that 
communicates  across  the  IP  network 
establishes  a  separate  iFCP  session,  letting 
iFCP  implementers  tweak  quality-of-ser- 
vice  parameters  at  a  very  precise  level. 

Along  with  utilizing  the  built-in  TCP  con¬ 
gestion  control,  error  detection  and  recov¬ 
ery  mechanisms,  iFCP  also  provides  robust 
error  handling  on  the  Fibre  Channel  side. 
Error  handling  is  done  at  a  session  level 
wherever  possible,  so  as  not  to  affect  stor¬ 


age  traffic  that  might  be  in  transit  between 
other  devices. 

In  the  same  way  that  subnet  routing  pro¬ 
vides  fault  isolation  for  Layer  2  networks, 
iFCP  brings  subnet  characteristics  to  Fibre 
Channel  fabrics.  Fibre  Channel  fabric  re¬ 
configurations  and  state-change  notifi¬ 
cation  broadcasts  are  restricted  to  the  indi¬ 
vidual  fabric  subnet.  This  capability 
enables,  for  the  first  time,  massively  scal¬ 
able  storage-area  networks  (SAN). 

Another  popular  application  of  iFCP  is 
SAN-to-SAN  interconnection.  Fibre  Chan¬ 


nel  networks  are  connected  to  iFCP  gate 
ways,  which  in  turn  communicate  over  a 
metropolitan-area  network  or  WAN. 

Management  and  security 

The  Internet  Storage  Name  Server  (iSNS) 
facilitates  automated  discovery  manage 
ment  and  configuration  of  iSCSI  and  Fibre 
Channel  devices  on  a  TCP/IP  network.  ISNS 
provides  intelligent  fabric  services  such  as 
asynchronous  notification  to  end  nodes  of 
changes  in  the  iFCP  network  and  segmen¬ 
tation  of  network  resources  into  logical 
groups  called  discovery  domains  for  man¬ 
agement  and  security.  In  a  Fibre  Channel 
fabric,  the  Simple  Name  Server  provides 
these  services. 

From  a  security  standpoint,  IP  storage 
networks  combine  the  elementary  zoning 
and  logical  unit  number  masking  and 
zoning  partitioning  techniques  with  more 
advanced  industry-standard  security  fea¬ 
tures  available  in  IP  networking.  IFCP 
relies  on  IP  Security  (IPSec)  to  provide 
authentication,  encryption  and  data 
integrity.  It  also  uses  IPSec s  automatic  key 
management  protocol,  Internet  Key 
Management,  for  handling  the  creation 
and  management  of  security  keys. 

The  iFCP  specification  is  a  proposed 
standard  within  the  IETF  IP  Storage 
Working  Group  and  is  expected  to  be 
finalized  next  year.  You  can  obtain  the 
latest  iFCP  draft  at  www.nwfusion.com, 
DocFinder:4332. 

Pammidimukkala  is  a  director  of  product 
management  for  Nishan  Systems  and  is 
also  the  iFCP  subgroup  chair  in  the  SNIA  IP 
Storage  Forum.  He  can  be  reached  at 
prasad@nishansystems.  com. 


Dr.  Internet  By  Steve  Blass 

We  installed  a  Windows  2000  Server  with  two 
Windows  ME  clients.  We  turned  on  Internet 
Connection  Sharing  and  managed  to  get  the 
computers  to  use  the  modem  collectively.  If  we 
allow  the  modem  to  be  dialed  over  the  network 
and  manage  to  get  the  computers  to  use  the 
modem,  it  is  activated  whenever  either  mach¬ 
ine  is  logged  on,  even  though  no  request  comes 
from  e-mail  or  Internet  Explorer.  Is  there  a  way 
to  let  the  client  computers  dial  out  only  when  a 


client  uses  Explorer  or  e-mail. 

How  can  you  hang  up  from  a  client  after  you 
are  finished? 

To  stop  the  clients  from  dialing  out  when  logging 
on,  reconfigure  them  so  that  they  do  not  reach 
out  past  your  network  boundary  at  logon.  Even 
though  they  are  not  using  e-mail  or  Explorer,  the 
computers  might  be  communicating  with  Inter¬ 
net  resources,  such  as  a  default  multicast  group 


or  software  update  services  whenever  the  net¬ 
work  becomes  available.  An  easier  approach: 
configure  a  short  “Idle  time  before  hanging  up" 
setting  under  the  Options  tab  in  the  modem 
properties  dialog.  This  will  cause  the  server  to 
drop  the  line  after  a  short  period  of  inactivity. 

Blass  is  a  network  architect  at  Changed 
Work  in  Houston.  He  can  be  reached  at 
dr.internet@changeatwork.com. 
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Last  week  we  promised  you  a  tool  that 
works  with  the  htmlArea  utility  from 
Interactivetools.com.  HtmlArea,  you 
will  recall,  turns  any  plain  text  entry  field 
(a  textarea  field)  in  Web  forms  into  a 
WYSIWYG  editor.  The  tool  we’ll  be  look¬ 
ing  at  is  Article  Manager  published  by  the 
same  chaps. 

Article  Manager  is  a  small-scale  content 
management  system  (CMS)  that  can  use 
htmlArea  as  the  client-side  editing  tool 
(any  text  editing  field  can  be  enabled  as 
an  htmlArea  field  for  WYSIWYG  editing). 

lnteractivetools.com  also  offers  several 
products  built  on  the  same  technology  all 
of  which  make  it  possible  for  Webmasters 
to  leave  specific  Web  content  mainte¬ 
nance  in  the  hands  of  users. The  tools  in¬ 
clude  Realty  Manager  for  property  list¬ 
ings,  Auto  Manager  for  car  sales,  Doc- 
Builder  for  documentation,  Job  Manager 
for  job  placements  and  News  Manager 
for  news  publishing. 

In  particular,  DocBuilder  is  really  cool 


Managing  articles  on  your  Web  server 


for  .  .  .  guess  what?  Yep,  documentation 
projects!  In  fact,  the  documentation  for  all 
the  other  Interactive.com  products  is 
done  with  DocBuilder  (see  www.nwfu- 
sion,  DocFinder:  4337). 

If  you  have  Perl  installed,  running  up 
Article  Manager  is  a  breeze;  it  should  take 
no  more  than  10  minutes.  Don’t  want  to  do 
the  installation  yourself? Then  —  and  this  is 
way  cool  —  Interactivetools.com  will  do  it 
for  you  at  no  charge!  Amazing  service.  You 
just  give  them  access  rights  and  they  FTP 
in,  transfer  the  files,  and  voila! 

Either  way, you’d  be  advised  to  start  with 
the  default  configuration, play  with  it  for  a 
bit  and  then  make  any  configuration 
changes  needed.  Article  Manager’s 
default  presentation  display  has  the  site’s 
title  at  the  top  of  the  page,  article  sum¬ 
maries  in  the  middle,  a  category  filter  in 
the  top  left  (so  that  you  just  see  the  sum¬ 
maries  of  articles  in  the  category  you’re 
interested  in),  a  search  function  on  the 
bottom  left  and  a  headline  summary  list 
on  the  right. 

Don’t  like  the  layout?  You  can  change 
everything.  The  entire  system  is  defined 
by  templates  that  can  be  edited  with  any 
HTML  editor,  and  the  documentation  to 
help  you  is  well-laid-out  and  thorough. 

However,  the  templates  could  do  with  a 
little  more  explanation  —  you’ll  spend  a 
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Product:  Article  Manager  Version  1.23 
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Vendor:  interactivetools.com 

www.interactivetools.com 


while  figuring  out  how  all  the  pieces 
work  together  before  you  get  comfortable 
making  any  really  serious  modifications. 

You  can  create  three  types  of  users  in 
Article  Manager:  Writers,  Trusted  Writers 
and  Editors.  A  Writer  can  submit  articles 
to  categories  for  which  he  has  been 
enabled  but  cannot  make  the  articles 
appear  on  the  Web  site  —  an  Editor  has  to 
approve  them  first.  In  addition,  once  a 
writer  submits  an  article  no  one  other 
than  an  Editor  can  modify  it  (even  the 
Writer  can’t  change  the  article). 

Trusted  Writers  can  create  articles  in  the 
categories  for  which  they’re  enabled  and 
can  make  them  visible.  They  also  may 
view  a  list  of  any  articles  that  they’ve  cre¬ 
ated  and  can  modify  or  erase  them. 

Editors  are  the  demigods  of  the  system 
(the  administrator  is  the  iibergod): 


Editors  have  full  control  over  whatever 
categories  are  enabled  for  them  and  can 
modify  or  delete  any  articles  in  those  cat¬ 
egories.  Editors  also  can  view  articles  that 
Writers  submit  and  change  their  status  to 
“visible”  or  “hidden." 

A  minor  weakness  is  that  Article 
Manager  doesn’t  provide  any  explicit 
hooks  for  integration  with  the  Web  serv¬ 
er’s  user  database,  but  that  shouldn’t  be 
too  hard  to  fix  if  you’re  an  experienced 
Web  programmer. 

Article  Manager  also  includes  a  very 
good  search  feature  (both  basic  and  ad¬ 
vanced  searches  are  supported),  archiving 
and  a  Syndicated  Content  feature.  Syn¬ 
dicated  Content  lets  other  sites  create  a 
Webfeed  from  your  site  through  their  sites. 
Note  that  this  is  not  an  Rich  Site  Summary 
feed  (see “All  the  news  that’s  fit  to  RSS,”  Doc- 
Finder:  4336),  but  a  chunk  of  JavaScript 
that  loads  from  the  remote  site  to  the 
clients,  which  pulls  content  from  your  site. 

Article  Manager  costs  $300,  which 
includes  a  lifetime  license,  free  installa¬ 
tion,  free  support  and  free  upgrades!  We 
love  this  product!  It  is  well-designed,  well- 
executed,  fast  to  install,  pretty  bulletproof, 
well-documented  and  well-priced. 

Submit  your  articles  to  gearhead@ 
gibbs.com. 


Cool  Too 

Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


New  ergonomic  keyboard 

TypeMatrix  last  week  announced  a  new  keyboard  that 
aims  to  reduce  the  motions  associated  with  repetitive 
strain  injuries.  The  $100  keyboard  has  been  in  develop¬ 
ment  for  three  years  to  address  the  need  for  a  mainstream 
keyboard  with  advanced  ergonomics  and  superior  com¬ 
fort,  the  company  says. 

TypeMatrix  (www.typematrix.com)  says  the  keyboard 
reduces  finger,  wrist  and  arm  movements  through  three 
features  —  vertical  columns  of  keys,  an  embedded  num¬ 
ber  pad  and  the  repositioning  of  some  keys.  TypeMatrix 
says  these  changes  help  prevent  and  alleviate  injuries, and 
can  increase  typing  speed  and  accuracy  The  keyboard 
also  has  larger  Enter,  Backspace  and  Tab  keys  placed  in 
the  center  of  the  keyboard,  which  lets  a  person  use  a 
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•  ee  TypuMatru  keyboard  claims  to  be  more  ergonomic  than 

regular  keyboards. 


stronger  index  finger  for  these  keys.  In  addition,  the  key¬ 
board  promotes  a  neutral  mouse  placement,  by  letting 
the  mouse  sit  2  inches  from  a  user’s  right  hand,  the  com¬ 
pany  says. 

Proxim  rolls  out  new  wireless  gear  for  SMBs 

Proxim  (www.proxim.com)  last  week  announced  new 
wireless  LAN  equipment  for  small  and  midsize  businesses 
that  works  with  802.11b,  802.11a  and  the  802.1  lg  (pre¬ 
standard)  protocols. 

The  new  equipment  includes  the  Orinoco  AP- 
600a,  AP-600b  and  AP-600g  access  points. 

The  802.1  lg  equipment  includes  a 
CardBus  Card  (PC  Card)  and  access  point 
upgrade  kit. The  AP-600  access  points  are 
single-radio  devices  that  are  meant  for 
single-client  environments,  the 
company  says. 

Enterprise  features  include 
standard  Wired  Equivalent  Pri¬ 
vacy  encryption, 802. lx  authen¬ 
tication  with  automatic  key 
management,  and  support  for  a 
range  of  Extended  Authentica¬ 
tion  Protocol  types.  The  equip¬ 
ment  also  includes  802.  lx  per¬ 
user,  per-session  encryption  key¬ 
ing  (for  802.11a  and  802. 1  lg 
products).  Wireless  Protected 
Access  will  be  supported 
through  firmware  upgrades 
when  the  standard  is  finalized, 

Proxim  says. 

Management  features  of  the 
AP-600  let  the  device  be  man¬ 
aged  through  a  Web  brows¬ 
er,  with  full  SNMP 
support  (including 


Management  Information  Bases  and  traps).  This  lets  the 
devices  be  supported  through  standard  SNMP  manage¬ 
ment  tools.The  device  also  ships  with  an  upgradable  mini- 
PCI  radio  that  can  be  replaced  using  the  AP-600  802.1  lg 
upgrade  kit,  Proxim  says.  It  also  is  upgradable  to  future 
802.11a  revisions, such  as  support  for  802. Hi. 

The  AP-600b  ($400)  and  AP-600a  ($550)  are  available 
now,  the  company  says.  The  AP-600g  ($500)  will  be  avail¬ 
able  in  the  second  quarter.  Also  available  in  the  second 
quarter  will  be  the  802.1  lg  access  point  upgrade  kit 
($130),  and  the  802. 1  lg  PC  Card  ($100).  Proxim  also  has 
lowered  the  price  of  its  802. 1 1  b  PC  Card 
to  $80  (Gold)  and  $60  (Silver). 


Store  all  your  passwords  on 
a  PDA  or  smartphone 

DataViz  (www.dataviz.com) 
last  week  announced  its  Pass¬ 
words  Plus  software,  which  can 
store  personal  information 
such  as  passwords  and  person¬ 
al  identification  numbers.  The 
software  runs  on  a  Windows 
PC  and  includes  a  Palm  OS 
application  to  let  users  syn¬ 
chronize  data  with  a  handheld 
device  or  smartphone. 

The  software  includes  128- 
bit  Blowfish  encryption  on 
the  PC  and  handheld,  DataViz 
says.  The  software  costs  $30 
and  is  available  now. 

Shaw  can  be  reached  at 
kshaw@nww.  com. 

Proxim’s  AP-600  includes 
«  802. 1  lg  technology. 


Better  Performance.  Better  Price. 

The  smartest  way  to  run  your  network  is  also  the  smartest  way  to  run  your  business. 
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Deli  J  Managed  Switches 

PowerConnect1”  3024*  Switch 


Scalable,  High-Performance  Managed  Switch 

•  24  Fast  Ethernet  Ports  Plus  2  Built-In  Gigabit  Uplinks 

•  Up  to  12.8  Gbps  of  Wire-Speed  Switching  Capacity 

•  Stackable  -  Supports  up  to  144  FE  Ports  in  a  Stack 

•  3-Yr  Next  Business  Day  Part  or  Unit  Replacement1' 

£  as  low  as  $1 7/mo .,  (46  pmtsx) 

60  Days  Same-As-Cash 

JJJ  E-VALUE  Code:  16753-  S10205 

Recommended  upgrade: 

•  3-Yr  7x24  4-Hr  Part  or  Unit  Replacement,17  add  $77 


PowerConnect1”  3248*  Switch 

High-Performance,  Enterprise  Class  Managed  Switch 

•  48  Fast  Ethernet  Ports  Plus  2  Built-In  Gigabit  Uplinks 

•  Multi-Layer  Traffic  Classification  at  Layers  2, 3,  and  4 

•  Advanced  Management  via  Browser  or 
Industry-Standard  CLI 

•  3-Yr  Next  Business  Day  Part  or  Unit  Replacement17 

f  \  as  low  as  $29/mo  .  (46  pruts”) 
Ovlllwl  60  Days  Same-As-Cash 

WWW  E-VALUE  Code:  16753-  S10209b 

Recommended  upgrade: 

•  3-Yr  7x24  4-Hr  Part  or  Unit  Replacement,17  add  $199 


PowerConnect™  3048*  Switch 


Rack-Dense,  High-Performance  Managed  Switch 

•  48  Fast  Ethernet  Ports  Plus  4  Built-In  Gigabit  Uplinks 

•  Up  to  21.6  Gbps  of  Wire-Speed  Switching  Capacity 

•  Stackable  -  Supports  up  to  144  FE  Ports  in  a  Stack 

•  3-Yr  Next  Business  Day  Part  or  Unit  Replacement17 

as  low  as  $29/mo  ,  (46  pints”) 

JS 60  Days  Same-As-Cash 

W  W  W  E-VALUE  Code:  16753-  S10209a 

Recommended  upgrade: 

•  3-Yr  7x24  4-Hr  Part  or  Unit  Replacement,17  add  $199 


PowerConnect™  5224*  Switch 

High-Performance  All-Gigabit  Managed  Switch 

•  24  Copper  Gigabit  Ports  Plus  4  SFP  Fiber  Uplinks 

•  Layer-3  Aware  Class  of  Service  Prioritization 

•  Advanced  Management  via  Browser  or 
Industry-Standard  CLI 

•  3-Yr  Next  Business  Day  Part  or  Unit  Replacement17 

g*  as  low  as  $63/mo.,  (46  pruts”) 
O  M  §Hli60  Days  Same-As-Casb 

£m  I W  W  E-VALUE  Code:  16753- S10221 

Recommended  upgrade: 

•  3-Yr  7x24  4-Hr  Part  or  Unit  Replacement,17  add  $299 


It’s  a  Dell,  so  you  know  you're  going  to  save  money.  But  let's  talk  performance. 

From  standard  Fast  Ethernet  to  high-speed  Gigabit  Ethernet  over  copper  or  fiber,  Dell 
PowerConnect  switches  are  designed  to  offer  full  wire-speed  and  non-blocking  performance. 
Recent  Tolly  lab  tests  confirmed  that  the  Dell  PowerConnect  3248  outperformed  industry 
leaders  by  as  much  as  47%.  Plus,  the  PowerConnect  5224  has  been  lauded  by  Tom's  Hardware 
Guide  for  its  performance  and  manageability  features  for  the  price.  PowerConnect  switches 
also  are  highly  interoperable  and  scalable,  making  them  ideal  for  building  a  first-time  network 
or  expanding  your  existing  one.  So  not  only  will  you  get  one-of-a-kind  Dell  performance  for  less 
but,  perhaps  more  importantly,  there'll  be  fewer  headaches  too. 

Dell  PowerConnect  3248  Outperforms 
the  Cisco  Catalyst  2950  and  3COM 
SuperStack  3  Switch  4400  by  up  to 
47%  in  Layer  2  Throughput  Tests" 

Tolly  Group  Report  #202149 
-  September  2002 


Growing  your  network.  Easy  as 


Click  www.dell.com/switch  Call  1-877-301-3355 

toll  free 


Call:  M-F  7a  9p|S«t  8a-5p  CT 

Pricing,  specifications,  availability,  and  teims  of  offer  may  change  without  notice  Taxes  and  shipping  charges  extra,  and  vary,  and  not  subject  to  discounts  U  S  new  purchases  only  Dell  cannot  be  responsible  for  errors  in  typography  or  photography 

•This  device  has  not  been  approved  by  the  Federal  Communications  Commission  for  use  in  a  residential  environment  This  device  is  not,  and  may  not  be,  offered  for  sale  or  lease,  or  sold  or  leased  for  use  in  a  residential  environment  until  the  approval  of  the  FCC  has  been  obtained 
"Monthly  payment  is  based  on  48-month  QuickLoan  at  1299%  interest  rate  foi  qualified  Small  Business  customers  Your  interest  rate  and  monthly  payment  may  be  same  or  higher,  depending  on  your  creditworthiness.  Minimum  transaction  sue  of  $500  required  Maximum 
aggregate  financed  amount  not  to  exceed  $25,000  Under  60  Days  Same-As-Cash  QuickLoan.  interest  accrues  during  first  60  days  after  QuickLoan  Commencement  Date  Iwhich  is  five  days  after  product  ships)  if  balance  not  paid  within  these  60  days  OFFER  VARIES  BY 
CREDITWORTHINESS  OF  CUSTOMER  AS  DETERMINED  BY  LENDER  Taxes,  fees  and  shipping  charges  are  extra  and  may  vary  Not  valid  on  past  orders  or  financing  QuickLoan  arranged  by  CIT  Bank  to  Small  Busrness  customers  with  approved  credit  -Technician  tt0l3cement  part  or 
unit  (depending  on  service  contract)  will  be  dispatched  if  necessary  following  phone-based  troubleshooting  Service  may  be  provided  by  third-party  provider  Subject  to  parts  availability,  geographical  restrictions  and  terms  of  service  contract  Service  timing  dependent  upon  lime  of  day 
call  placed  to  Dell  Replacements  may  be  refutbished.  U.S.  only  Tolly  Group  Report  #202149  was  commissioned  by  Dell  Dell,  the  stylized  E  logo,  E-VALUE,  and  PowerConnect  are  trademarks  of  Dell  Computer  Corporation  ©2003  Dell  Computer  Corporation  All  lights  reserved 
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EDITORIAL 

John  Dix 


Shutting  out 
the  bad  guys 

Simple  is  better  in  the  security  world,  and  short  of 
pulling  the  plug  on  the  Internet,  it’s  harder  to  get 
more  simple  than  ActiveScout. 

This  intrusion-prevention  tool  from  ForeScout  Technolo¬ 
gies  is  designed  with  the  knowledge  that  the  majority 
(some  say  95%)  of  all  network  attacks  are  proceeded  by 
some  form  of  reconnaissance.  ActiveScout  sits  outside  the 
firewall  watching  for  reconnaissance  and,  working  with  a 
firewall, shuts  out  bad  guys  when  they  try  to  attack  using 
information  gathered  during  that  reconnaissance. 

There  are  no  port  vulnerabilities  to  worry  about  or  signa¬ 
tures  to  update,  and  no  false  positives  to  wrestle  with. 

Here’s  how  it  works.  A  Scout  running  on  a  hardened  ver¬ 
sion  of  Red  Hat  Linux  (which  comes  with  the  product)  on 
a  Pentium  111-600  or  more  powerful  box  is  placed  in  front 
of  a  firewall  and  starts  watching  for  port  scans,  NetBIOS 
probes,  Simple  Mail  Transfer  Protocol-based  interrogations 
and  other  types  of  reconnaissance. 

When  these  sweeps  occur,  the  Scout  responds  with  data 
that  is  similar  to  that  sought  —  such  as  an  IP  service  or  a 
NetBIOS  resource  —  but  is  bogus.  If  and  when  a  hacker 
tries  to  come  back  using  the  bogus  information,  Active¬ 
Scout  recognizes  its  handiwork  and  can  deflect  the  attack 
and  either  sound  alarms  or,  working  with  the  firewall, shut 
out  traffic  from  the  offending  host.  Pretty  slick. 

Other  ActiveScout  components  include  the  Management 
Server,  which  is  used  to  collect  information  from  multiple 
Scouts  and  distribute  updates  when  a  recon  effort  has 
been  identified;  and  the  Enterprise  Manager, a  Java-based 
tool  for  generating  reports  about  attack  attempts  and 
responses. 

One  downside  is  ActiveScout  only  works  with  Check 
Point’s  Fire  Wall-1,  although  APIs  for  other  firewalls  are  avail¬ 
able.  Another  problem  is  that  the  box  doesn’t  do  anything 
to  protect  you  from  attacks  that  aren’t  proceeded  by 
reconnaissance,  which  are  apparently  on  the  rise. 

Nonetheless.it  would  appear  that  using  ActiveScout  at 
best  would  defeat  some  attacks  before  they  got  going  and 
at  least  reduce  the  false  positives  that  firewalls  and  intru¬ 
sion-detection  systems  generate.  And  ActiveScout  seems  to 
require  little  care  and  feeding,  which  is  a  blessing  given 
the  hand-holding  those  other  approaches  require. 

New  CEO  Kent  Elliott  says  a  system  with  aT-1  port  costs 
about  $10,000  retail.  Higher-capacity  boxes  are  in  the 
works.  Recognizing  that  most  security  threats  are  internal, 
Elliott  also  says  ForeSout  will  come  out  in  the  third  quarter 
with  a  product  designed  for  use  in  front  of  internal  fire- 
\\:ills  to  help  companies  identify  local  bad  guys. 

—  John  Dix 
Editor  in  Chief 
jdix@nww.com 


^  NetworkWorld 
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Hitting  pay  dirt 

I’ve  tracked  IBM  closely  for  the  past  seven  years  and 
have  read  thousands  of  press  reports  on  the  com¬ 
pany  I  just  want  to  say  that  your  story“IBM  hitting  pay 
dirt  with  software  push”  (www.nwfusion.com,  Doc- 
Finder:  4325)  probably  is  the  best  written,  most  con¬ 
cise  and  accurate  description  of  the  company’s  soft¬ 
ware  group  goals, strategy  and  status  that  I’ve  read. 

Joe  Clabby 
President 

Bloor  Research  —  North  America 
Yarmouth,  Maine 

No  zero-cost  alternative 

In  his  column,  “Could  ‘open  DSL’  save  the  ISPs?” 
(DocFinder:  4328),' Thomas  Nolle  writes:“One  impor¬ 
tant  step  ...  is  to  stop  trying  to  make  the  Internet  the 
zero-cost  alternative  to  every  other  kind  of  service.” 

I  agree.The  trouble  with  many  ’Net  denizens  is  the 
sort  of  petrified  sentiment  that  all  Internet  content 
must  be  public  domain.  Scott  Bradner,  for  example, 
in  the  same  issue  of  Network  World ,  refers  to  the 
“copyright  mafia”  that  seeks  to  protect  intellectual 
property  on  the  Internet  (DocFinder:  4326). 

Until  this  attitude  succumbs  to  rational  control, 
Nolle’s  sentiment  will  be  regarded  with  contempt, 
especially  by  members  of  academia.  And  the 
Internet,  if  intellectual  property  thieves  do  not  suffer 
legal  and  social  consequences  for  their  dishonesty, 
will  become  less  and  less  commercially  appealing 
as  a  result.  Access  to  it  might  become  very  expen¬ 
sive,  too,  as  recapitalization  expenses  fail  to  be  sub¬ 
sidized  by  multiple  cash  flow  sources  and  ISP  num¬ 
bers  decline. 

Gerry  Geisel 
Cincinnati 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  Editor  In 
Chief,  Network  World,  118  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


Doing  it  wrong 

Regarding  Mark  Gibbs’“Backspin”column“Microsoft 
doing  it  wrong”  (DocFinder:  4327):  Amen!  I  maintain 
a  love/hate  relationship  with  Microsoft’s  integration 
of  functions  into  the  core  of  the  operating  system. 
Love, because  the  company  puts  money  in  my  pock¬ 
et  for  repair  issues  that  no  consumer  should  have  to 
consider.  Hate,  because  it  can  be  a  real  headache  to 
figure  out  workarounds  for  the  company’  products. 

And  yes, TCP/IP  and  the  Internet  are  important,  but 
don’t  bring  my  entire  operating  system  to  its  knees 
just  because  a  browser  has  wigged  out. 

Matthew  Ranck 
Owner 
Running  Time 
Spartanburg  S.C. 

Mark  Gibbs  is  right  on  with  respect  to  Microsoft 
doing  what  it  wants.  Let  the  company  go;  it  is  helping 
the  competition.  It’s  too  late  for  Microsoft  now.  Linux 
is  growing  rapidly 

I’m  tired  of  Microsoft  trying  to  tell  me  what  1  can 
and  cannot  do  with  my  PC.Things  have  gotten  good 
enough  on  the  open  source  side  that  I  can  operate 
in  an  environment  I  trust  is  working  for  me,  not  a 
technology  or  media  monopoly 

George  Yeager 
Columbus,  Ohio 

I  am  a  user  of  XP  and  Windows  Media  Player  9. 1 
used  the  beta  version  of  9  and  never  ran  into  the 
issues  Mark  Gibbs  encountered  with  Media  Player 
opening  itself  and  not  recognizing  the  CD  media. 

I  give  Microsoft  a  lot  of  credit  for  its  products 
and  standing.lts  products  may  have  a  lot  of  issues, 
but  humans  are  not  perfect,  nor  is  the  software 
world  or  programmers.  There  is  always  the  alter¬ 
native,  Macs. 

Jeff  Schuyler 
Youngstown,  Ohio 


More  online!  www.nwfusion.com  Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder:  4324 
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INTRANET  ADVISER 

Daniel  Blum 


i  -mail  has  been  part  of  our  personal 
and  corporate  lives  for  a  long  time,  but 
l  it  never  has  been  secure. 

In  my  book  The  E-mail  Frontier  (1994),  1 
wrote: “Sometime  within  the  next  three  to  10  years,  any  e-mail  with¬ 
out  a  digital  signature  will  be  regarded  with  the  same  suspicion  as  a 
stranger  in  the  airport.”  A  cautious  statement  at  the  time,  but  I  never 
thought  it  would  take  this  long  to  achieve  secure,  signed  and  en¬ 
crypted  mail. 

In  more  ways  than  one,  time  is  running  out.  We  are  nearing  the  end 
of  my  10-year  window,  and  still  relatively  few  users  or  companies 
secure  their  e-mail  even  though  much  of  it  is  sensitive.  Meanwhile, 
estimates  say  that  (unsigned)  spam  messages  makes  up  more  than 
50%  of  e-mail  traffic,  threatening  e-mail’s  very  existence  as  a  medium. 
And  we’ve  got  good  reason  to  become  even  more  suspicious  of 
strangers,  both  within  airports  and  on  the  Internet.  While  I’ve  yet  to 
succumb  to  clicking  on  an  “I  Love  You”  or  “Big  Boss”  letter  attach¬ 
ment,  the  proliferation  of  such  garbage  in  the  in-box  adds  tension  to 
the  workday. 

Perhaps  it  is  perversity  but  after  receiving  a  signed  message  from  a 
colleague  at  Symantec,  I  decided  to  try  signing  my  own  outgoing  mail. 
Using  Microsoft  Outlook  2000,  I  requested  a  new  certificate  from 
VeriSign  and  set  a  flag  causing  outgoing  mail  to  be  digitally  signed. 

Soon,  the  complaints  began  flooding  in.  While  many  of  my  col¬ 
leagues  who  also  use  Outlook  2000  can  read  the  signed  messages, 


Secure  e-mail  is  worth  the  effort 


others  cannot.  For  example,  Outlook  Web  access  users  cannot  read 
signed  messages  because  Outlook  does  not  support  this  capability. 
Nor  can  users  of  Microsoft’s  Macintosh  client.  Nor  can  colleagues  at 
a  company  that  uses  Lotus  Notes,  even  though  IBM/Lotus,  like 
Microsoft,  claims  to  support  Secure  Multipurpose  Internet  Mail 
Extensions. 

There  are  other  problems.  Encryption  in  Outlook  is  a  nonstarter  for 
most  people  because  it  requires  use  of  (usually  nonexistent)  recipi¬ 
ent  public  keys,  whereas  signing  requires  only  the  sender’s. Wlien  our 
clients  have  requested  encryption,  we’ve  had  to  manually  create 
password-protected,  Pretty  Good  Privacy  self-decrypting  archives. 

To  make  signing  truly  worthwhile,  one  also  should  set  the  software 
to  require  a  password  or  personal  identification  number  every  time 
the  private  key  is  invoked  for  every  signature.This  is  a  pain. And  while 
I  picked  a  short  but  obscure  password  that’s  easy  to  type,  I  am  look¬ 
ing  forward  to  a  later  experiment  with  smartcard  fingerprint  readers. 

Individuals  and  companies  can  help  by  learning  more  about  secure 
e-mail. It  isn’t  acceptable  to  send  sensitive  e-mail  over  the  Internet  in  the 
clear.  We  shouldn’t  let  spammers  get  away  with  forging  their  “From” 
address.  Experiment  in  your  environment  to  see  what  can  be  done,  and 
push  your  vendors  to  improve  support  for  interoperable,  secure  e-mail. 


It  isn't  accept¬ 
able  to  send  sen¬ 
sitive  e-mail  over 
the  Internet  in 
the  clear. 


Blum  is  senior  vice  president  and  research  director  with  Burton 
Group,  an  integrated  research,  consulting  and  advisory  service.  He  can 
be  reached  at  dblum@burtongroup.com. 


REALITY  CHECK 

Thomas  Nolle 

In  the  last  couple  of  months,  we’ve  seen  a 
concerted  attack  on  the  Internet’s  inter¬ 
nal  name  servers,  and  another  attack 
aimed  at  Microsoft  database  servers  any¬ 
where  on  the  Internet. Security  companies  have  issued  alerts.  Pundits 
predict  more  viruses,  worms,  denial-of-service  attacks  and  problems. 
Is  all  of  this  threatening  to  unravel  the  Internet,  as  some  suggest?  Is  it 
possible  that  government  attempts  to  secure  the  Internet  will  end  up 
compromising  its  principles  instead? 

The  Internet  was  first  deployed  as  a  research  and  academic  net¬ 
work,  serving  a  community  that  could  at  least  hope  to  be  self-polic- 
ing.Todayit  serves  countless  users  who  have  no  intention  of  policing 
themselves.  Unfortunately,  the  basic  principles  of  the  Internet, such  as 
universal  addressing  of  members  and  anonymous  routing  of  mes¬ 
sages,  make  it  hard  to  track  down  those  who  would  use  the  ’Net  to 
harm  or  invade  the  privacy  of  others.  So  the  question  is  whether  we 
could  or  should  change  it,  and  by  doing  so  eliminate  a  lot  of  the 
threats  we  now  face. 

My  answer  is  no.  That  might  surprise  those  who  know  that  I’m  no 
fan  of  the  Internet  business  model,  so  I’d  better  explain. 

Adding  security  to  the  Internet,  whether  voluntary  or  by  govern¬ 
ment  edict,  requires  applying  two  basic  protection  schemes.  First, 
make  sure  that  each  user  has  an  identifiable  address  so  messages 
from  that  user  can  be  traced  back  reliably.  Second,  provide  a  mech¬ 
anism  to  do  that  tracing  inside  the  Internet  routing  structure.  The 
clear  problem  with  this  combination  is  its  invasion  of  users’  privacy. 
While  the  argument  is  often  made  that  tracing  an  Internet  inquiry 
or  message  is  no  different  from  tracing  a  call,  the  differences  are 
profound. 

First,  you  need  a  court  order  to  trace  a  call,  and  the  trace  is  tech¬ 
nology-limited  to  the  party  or  parties  covered  by  the  order. You  tap  a 
specific  line.  With  the  Internet,  any  tapping  will  expose  the  traffic  of 
many  others  passing  through  the  same  nodes  and  trunks. 

Second,  measures  to  provide  a  hard  link  between  a  user  and  an 
address  for  the  purposes  of  identification  can’t  be  limited  in  its 
application  to  authorized  law  enforcement  types.  If  you  surf  a  site, 


Gan  the  'Net  ever  be  secure? 


you  leave  a  trail. In  our  straw  poll  of  users  (not  scientific  but  inter¬ 
esting), 90%  admitted  to  some  Internet  use  they  wouldn’t  want  their 
name  connected  with.  It’s  not  all  sedition  or  crime,  or  even  visits  to 
X-rated  sites,  either.  Many  just  don’t  want  merchants  tracking  them 
and  getting  personal  information.  We’re  already  fighting  cookies 
and  spam,  after  all.  Do  we  need  to  make  it  worse? 

Yes!  Or  so  many  say. The  argument  is  that  surrendering  a  little  anon¬ 
ymity  would  bring  huge  benefits  in  security,  in  the  ability  to  fight 
crime,  fight  terrorism.  Well,  everybody  is  entitled  to  his  own  view  on 
a  privacy-for-security  trade,  and  we’re  certain  to  be  facing  many  such 
trades  in  our  future,  but  there’s  a  simple  out  in  this  case  —  it  won’t 
do  any  good. 

We  might  be  the  most  powerful  and  richest  country  in  the  world, 
and  we  might  have  the  largest  number  of  Internet  users,  and  we 
might  have  a  completely  trustworthy  police  and  judicial  process  (or 
maybe  we  don’t  —  you  decide), but  we’re  not  alone  in  the  world. Our 
laws  reach  to  our  borders.  Suppose  we  shackle  our  ISPs  with  all 
kinds  of  laws  to  allow  reliable  tracking  of  miscreants  and  at  the  same 
time  protect  the  masses.  Who  says  those  laws  would  work  elsewhere? 
The  latest  guess  is  that  the  Microsoft  SQL  worm  originated  in  Asia. 
Would  our  laws  have  prevented  it? 

That’s  the  rub,  folks.  Like  it  or  not,  the  Internet  is  truly  global,  both 
technically  and  culturally.  It’s  either  secure  and  regulated  and 
policed  everywhere,  or  it’s  hard  to  imagine  how  you’d  effectively 
police  it  at  all.  Because  we  cannot  police  it  everywhere, all  our  noble 
efforts  will  accomplish  is  to  raise  the  costs  of  our  domestic  providers, 
and  surrender  our  own  rights  of  privacy,  while  those  hackers  and  ter¬ 
rorists  simply  move  to  offshore  servers  or  ISPs. 

So  what  happens  now?  Not  much,  because  not  much  is  necessary. 
Has  your  own  life  been  disrupted  by  Internet  hackers?  How  about 
those  you  know?  Sure.it  would  be  nice  if  the  Internet  could  be  made 
absolutely  secure,  but  the  little  incremental  security  that  additional 
U.S.  legislation  could  bring  wouldn’t  be  worth  the  price. 


The  Internet . . . 
is  either  secure 
and  regulated 
and  policed 
everywhere,  or 
it’s  hard  to  imag¬ 
ine  how  you'd 
effectively  police 
it  at  all. 


Nolle  is  president  of  CIMI  Corp.,  a  technology  assessment  firm  in 
Voorhees,  NJ.  He  can  be  reached  at  tnolle@cimicorp.com. 


Sure,  if  you’re  in  a  hot  spot,  then  Wi-Fi  can  give 


you  wireless  access.  But  what  about  the  millions 


of  places  where  it  can’t?  Fortunately,  the  one  spot 


where  you  can  find  all  the  answers  is  on  our 


website.  We’ll  show  you  how  CDMA2000  gives 


CDMA2000:  HOT  FROM  SEA  TO  SHINING  SEA. 


you  always-on  remote  access  in  a  protected 


environment  at  speeds  faster  than  dial-up.  Best 


of  all,  CDMA2000  delivers  anywhere  that  your 


wireless  carrier  has  coverage,  across  the  entire 


country.  Plus,  you  won’t  have  to  fill  up  on  double 


lattes  while  accessing  your  network.  To  learn 


more,  visit  us  at  www.qualcomm.com/enterprise. 


Qualcomm 


With  only  a  couple  hundred  bucks  worth  of  wireless 
gear,  war  drivers  can  pull  up  to  your  building  and 
hack  your  network  by  catching  RF  waves  from 
wireless  devices  inside.  Your  employees  may  even 
be  making  it  easier  for  them  by  installing  unauthorized 
access  points.  If  you  think  WEP  protects  you,  think 
again.  It's  child's  play  for  techno  geeks.  So  how  do 
you  nab  them?  Get  the  WaveRunner’"  pocket-sized 
wireless  security  guard.  It  instantly  locates  unautho¬ 
rized  users  on  screen.  Or  check  out  our  OptiView 
Wireless  Network  Analyzer’,"  the  only  tool  to  support 
10/100/1000  and  now  wireless  Ethernet.  Either  way, 
you'll  have  total  Supervision  to  catch  war  drivers 
red-handed.  More  good  news.  The  ultimate  wireless 
reference  poster  is  now  available. 


See  an  amazing  virtual  demo  right  now  at 
www.flukenetworks.com/wireless 


OptiView  Wireless  Network  Analyzer 
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The  Extended  Enterprise  Issue 


Erasing  corporate  boundaries 

Five  years  ago,  MIT  Profes¬ 
sor  Thomas  Malone  and  a 
jfc.  research  associate,  Robert 
Laubacher,  stirred  up  the 
i  business  world  with  a 
.  Harvard  Business  Review 
1 1  article  titled  “The  Dawn  of 

/the  E-lance  Economy.”  They 
proposed  a  future  in  which 
individuals,  because  they  so  easily  and 
inexpensively  could  share  business  infor¬ 
mation  online,  become  the  fundamental 
units  of  the  economy  rather  than  the  cor¬ 
porate  structures  of  today.  Corporations, 
they  said,  will  devolve  into  flexible,  tempo¬ 
rary  networks  of  individuals  —  e-lancers 
—  formed  to  produce  a  certain  good  or 
provide  a  particular  service  then  dissolve 
upon  project  completion.  (This  concept 
encouraged  at  least  one  start-up,  Elance, 
to  launch.) 

Intriguing  when  the  article  was  pub¬ 
lished  in  1998,  the  idea  becomes  even 
more  so  when  considered  in  today’s  busi¬ 
ness  context.  In  1998,  companies  were  just 
getting  comfortable  with  letting  outsiders 
—  customers  mostly  —  remotely  access 
corporate  information.  The  extranet  was 
quickly  becoming  the  IT  architecture  du 
jour,  but  technical  and  political  issues 
limited  use  mostly  to  information  access 
rather  than  business  transactions. 


r 

SERIFS 

The  Extended  Enterprise  Issue  is  on; 
of  six  bimonthly  special  issues  p 
viding  insights,  opinions  anti  informa¬ 
tion  on  the  biggest  trends  shaping 
the  networked  world.  Watch  for  the 
Network  World  200  issue,  our  annual 
check-up  on  the  network  industry's 
health,  coming  April  21. 
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Extended  enterprises  take  root 

We've  arrived  at  the  next  phase  in  e-business  development,  complete 
with  its  own  architectural  design. 

Grainger  extended 

Grainger  CIO  Tim  Ferrarell  describes  how  this  industrial  products  and 
e-business  leader  has  extended  its  reach  to  customers  and  suppliers. 

Crackdown! 


Today,  IT  executives  are  structuring 
information  architectures  around  the 
extended  enterprise  model  in  which  all 
business  constituents  —  local  employees, 
remote  and  mobile  workers,  customers, 
resellers,  suppliers,  other  business  part¬ 
ners  —  get  access  to  corporate  informa¬ 
tion  and  workflow  processes  from  wherev¬ 
er  they  are,  whenever  they  need  it. 

Although  Malone  and  Laubacher  didn’t 
use  the  term  “extended  enterprise”  in 
their  essay,  they  did  predict  such  a  step 
along  the  evolutionary  path  to  an  e-lance 
economy.  They  said  boundaries  between 
companies  would  become  less  important: 
“Transactions  within  organizations  will 
become  indistinguishable  from  transac¬ 
tions  between  organizations,  and  busi¬ 
ness  processes,  once  proprietary,  will 
freely  cross  organizational  boundaries.” 

That,  of  course,  is  the  precise  intent  of 
an  extended  enterprise.  I’d  even  argue 
that  extended  enterprises  make  corpo¬ 
rate  boundaries  not  just  less  important, 
but  inconsequential. 

Imagine  the  possibilities. 


Guardians  of  the  extended  enterprise  get  tough  on  wayward 
VPN  users  with  new  remote  policy  enforcement  tools. 

Benevolent  entanglement 

I 

Halliburton  wins  the  2003  Extended  Enterprise  Innovator  Award  for  creating 
a  sophisticated  yet  easy-to-use  portal  that  delivers  rich  technical  content, 
interactive  tools,  collaboration  features  and  e-commerce  functions  for 
customers,  suppliers  and  employees. 

CRM  AT  THE  OUTPOST 

These  days,  providing  top-rate  service  means  extending  customer- 
relationship  apps  to  wherever  users  are  —  be  that  a  hotel  off  Highway  9  or  a 
lending  office  on  Route  12. 

A  RESTful  approach  to  Web  services 

Before  choosing  SOAP  to  develop  Web  services  for  your  extended  enterprise, 
consider  the  alternative,  Representational  State  Transfer, 

Extended  enterprise  online 


Beth  Schultz 
Editor,  Signature  Series 
b  hultz(a  nww.c  o  m 


Head  to  the  Extended  Enterprise  portal  on  Network  World  Fusion  for  interac-  V  / 

tive  features,  more  articles  and  a  list  of  resources.  Go  to  www.nwfusion.com, 
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pushes  network  intellig 


PraCurve  Adaptive  EDGE  Architecture  helps  enterprises  cost-effectively 


Hewlett-Packard’s  new  ProCurve 
Adaptive  EDGE  Architecture  aims  to 
turn  networking  inside  out. 


Traditionally,  network  intelligence  resides 
in  the  network  core,  in  the  form  of  large, 
expensive  core  switches  that  enforce  net¬ 
work  access  rights,  security  profiles  and 
traffic  prioritization  while  controlling  traffic 
flow  and  optimizing  bandwidth  utilization. 
Core  switches,  in  turn,  communicate  with 
less  expensive  -  and  less  sophisticated  - 
Layer  2  switches  at  the  edge, 
which  are  designed  simply  to 
provide  end-user  connectivity. 

The  idea  behind  HP’s 
ProCurve  Adaptive  EDGE 
Architecture  is  to  push  many  of 
the  capabilities  of  core  switch¬ 
es  out  to  the  network  edge, 
while  maintaining  cost-effec¬ 
tive  price  points  in  its  edge 
switches.  By  providing  more 
intelligence  at  the  point  where 
users  first  connect  to  the  net¬ 
work,  HP  says  the  new  archi¬ 
tecture  helps  enterprises  meet 
the  challenges  presented  by 
three  of  today’s  most  urgent 
requirements:  security,  mobility 


appropriate  levels  of  security  and  access 
on  a  granular,  per-port  basis.  This  means 
you  don’t  need  to  defer  decisions  about 
security  until  packets  reach  the  network 
core.  With  HP  ProCurve  Adaptive  EDGE, 
authorization  and  security  get  addressed 
at  the  point  where  access  is  physically 
attained,  eliminating  a  host  of  security  risks 
to  the  network. 

Conversely,  access  and  network  services 
are  assigned  on  a  per-user  basis.  When  a 
user  logs  in,  during  the  authentication 
process  the  HP  ProCurve  Adaptive  EDGE- 


the  office.  Adaptive  EDGE-enabled  switches 
can  proactively  support  the  range  of  mobile 
users  at  the  point  of  access,  eliminating  the 
complexities  and  delays  associated  with 
straight-to-the-core  architectures. 

For  example,  if  consultants  or  vendor 
partners  plug  their  mobile  laptop  into  a 
specific  network  port  and  log  onto  your 
corporate  LAN,  that  port  can  be  immedi¬ 
ately  configured  to  provide  the  services 
they  need,  while  restricting  access  to  the 
resources  and  services  they  shouldn’t  see. 


The  HP  ProCurve  5300  Switch,  available  now,  uses  HP-engineered 
ASICs  to  ensure  edge-based  control. 


CONVERGENCE 

Today’s  data  networks  must 
support  a  range  of  applica¬ 
tions,  including  data,  video  and 
voice.  As  more  organizations 
deploy  applications  such  as 
videoconferencing  and  voice- 
over-IP,  it  is  becoming  clear 
that  traditional  IP  networks, 
which  focus  intelligence  at  the 
core,  inadequately  address  the 
traffic  prioritization  and  quality 
of  service  issues  that  these 
applications  raise. 

Converged  applications 
require  that  features  such  as 
QoS,  traffic  conditioning  and 
rate  limiting  are  enforced  at  the 


and  convergence.  HP  also  recognizes  that 
these  challenges  are  interconnected  and 
takes  a  holistic  approach  to  addressing 
them,  rather  than  tackling  each  indepen¬ 
dently. 

“It’s  a  good  architecture,”  says  Vijay 
Bhagavath,  telecom  analyst  at  Forrester 
Research,  a  Cambridge,  MA-based  consul¬ 
tancy.  “Users  really  need  embedded  securi¬ 
ty,  mobility  and  traffic  features  at  the  port 
level,  in  addition  to  the  application  level.  And 
this  is  an  inexpensive  way  to  do  it.” 


SECURITY 

The  Internet,  mobile  workers,  portable 
network  devices  -  they  all  seem  to  be  con¬ 
spiring  to  open  security  holes  within  cor¬ 
porate  networks.  Traditional  network  archi¬ 
tectures,  with  all  intelligence  locked  in  the 
core,  fail  to  adequately  address  the 
requirements  and  the  risks  these  technolo¬ 
gies  present.  HP’s  ProCurve  Adaptive 
EDGE  Architecture,  however,  enables  net¬ 
work  managers  to  push  security  to  the 
edge  of  the  network,  addressing  risks  right 
at  the  point  where  users  first  connect. 

HP’s  architecture  enables  the  network  to 
adapt  to  whoever,  or  whatever,  is  connect¬ 
ing  at  the  time,  providing  at  the  edge  the 


enabled  switch  configures  the  user’s 
access  port  to  support  the  privileges  and 
services  that  user  needs,  whether  it  be  a 
mobile  worker,  a  vendor  partner  or  an 
internal  R&D  engineer.  Network  security 
and  access  profiles  are  pushed  to  the 
edge,  where  they’re  needed  most. 


MOBILITY 

It’s  not  uncommon  to  see  the  same  user 
link  up  to  the  corporate  network  via  a  desk¬ 
top,  a  laptop,  a  home  network,  a  wireless 
PDA  or  even  a  cellphone.  Since  today’s 
workers  no  longer  view  the  hardwired 
desktop  as  their  sole  link  to  corporate 
resources,  today's  networks  can’t  either. 
Networks  need  to  adapt  to  support  this 
range  of  devices  and  access. 

To  provide  wireless  security,  you  must  start 
with  a  secure  wired  network,  and  ensure 
that  the  intelligent  devices  at  the  wired  edge 
can  cooperate  with  the  those  at  the  wireless 
edge.  HP’s  ProCurve  Adaptive  EDGE 
Architecture  takes  this  into  consideration. 
Because  it  pushes  network  security  and  ser¬ 
vice  level  profiles  to  the  edge,  the  architec¬ 
ture  ensures  that  users  have  secure  access 
across  a  range  of  transports,  both  wired  and 
wireless,  whether  they  are  inside  or  outside 


edge  in  a  flexible,  adaptive  manner.  Only  then 
can  these  converged  applications  coexist 
successfully  on  one  robust,  highly  available 
network. 

By  pushing  such  intelligence  out  to  the 
edge,  HP's  ProCurve  Adaptive  EDGE 
Architecture  ensures  that  service  levels 
remain  high,  and  cost-effective,  from  one 
end  of  the  network  to  the  other  -  whether 
the  user  is  connecting  via  the  wired  or  wire¬ 
less  network. 

Traditional  network  designs  can’t  support 
this  wide  range  of  demands  for  services  and 
cost-efficiencies  without  making  trade-offs. 
For  example,  organizations  may  be  able  to 
engineer  a  very  secure  network,  but  not  sup¬ 
port  a  highly  mobile  work  force.  Or  they  may 
be  able  to  engineer  a  network  for  mobility, 
but  lose  some  security  safeguards. 

With  intelligence  at  the  edge,  networks 
can  also  adapt  to  the  demands  of  new 
applications  without  costly  redesigns.  The 
features  and  functions  needed  for  the 
applications  of  today  as  well  as  tomorrow 
are  built  in  and  ready  to  deploy. 


COMMAND  FROM  THE  CENTER 

While  addressing  these  needs  for  securi¬ 
ty,  mobility  and  convergence,  HP’s 
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ence  out  to  the  edge 

address  security,  mobility  and  convergence  demands. 


ProCurve  Adaptive  EDGE  Architecture  also 
ensures  that  the  entire  network  can  be 
managed  from  a  central  location. 

In  other  words,  control  to  the  edge  is 
paired  with  command  from  the  center,  dri¬ 
ven  by  business  needs  and  priorities. 


HOW  IT  WORKS 


There  are  two  key  technologies  at  work  in 
HP’s  architecture:  Remote  Authentication 
Dial  in  Services  (RADIUS)  for  authenticating 
the  users  and  IEEE  802. lx  standard  for 
port  based  access  control. 

A  central  database  -  the  command  from 
the  center  portion  —  holds  information 
about  the  groups  or  “business  communi¬ 
ties”  that  each  user  belongs  to  and  what 
resources  he  or  she  should  be  able  to 
access.  When  a  user  logs  on  to  the  net¬ 
work,  the  switch  gets  profile  information  on 
the  user  from  the  central  database.  That 
information  is  then  translated  into  specific 
network  commands  that  the  switch  uses  to 
configure  the  user’s  port. 

“Because  it  uses  802.1  x,  it  lets  you  create 
a  layer  of  security  right  at  the  network 
layer,”  Forrester’s  Bhagavath  says. 

HP  currently  offers  an  authentication, 
authorization  and  accounting  (AAA)  server 
that  could  be  used  for  these  profiles,  but 
organizations  could  also  use  an  Oracle 
human  resources  database,  for  example, 
making  it  easier  to  change  an  employee’s 
privileges  upon  hiring,  transfer  or  resigna¬ 
tion.  “We  are  investing  heavily  to  make 
command  from  the  center  not  only  easy 
but  configurable  based  on  business  terms, 
not  network  parlance,”  says  Brice  Clark, 
HP  ProCurve  Worldwide  Director  of 
Strategy  and  Business  Planning. 

With  network  privileges  enforced  at  each 
port  depending  on  the  users’  privileges,  HP 
helps  organizations  shift  from  giving  users 
network  rights  based  on  where  they  are,  such 
as  at  a  certain  port  where  the  PC  is  always 
plugged  in,  to  giving  them  rights  based  on 
who  they  are  —  even  if  they’re  accessing  the 
network  from  a  remote  location. 


INCREMENTAL  UPGRADES 

Clark  notes  that  the  ProCurve  Adaptive 
EDGE  Architecture  is  also  designed  to  play 
in  multivendor  networks.  “Wherever  you 
need  that  extra  level  of  control  out  to  the 
edge,  whether  it  be  because  you're  putting 
in  a  new  mobile  network  or  supporting  a 
certain  segment  of  users,  you  can  put  in  one 
of  these  switches,  get  the  control  you  need 
and  still  interoperate  with  the  rest  of  the  net¬ 
work,”  he  says.  That  means  no  forklift 


upgrades  are  required  to  begin  taking 
advantage  of  the  architecture.  ProCurve 
Adaptive  EDGE  switches  will  work  with 
existing  802.1  x-compliant  core  switches 
and  can  even  extend  their  life  by  offloading 
many  decisions  that  can  affect  the  perfor¬ 
mance  of  core  switches. 

Forrester’s  Bhagavath  agrees,  but  notes 
that  users  should  pay  close  attention  to 
how  each  vendor  implements  802. lx  and 
other  policy-based  standards. 

‘They  may  all  support  802.1  x  authentica¬ 
tion,  but  they  may  not  implement  the  policies 
in  exactly  the  same  way,”  he  says.  “They 
may  have  different  quality  of  service  attribut¬ 
es,  different  queuing  schemes,  and  so  on. 
It’s  something  users  need  to  be  aware  of.” 

CONTROL  TO  THE  EDGE  -  NOW 

Elements  of  the  HP  ProCurve  Adaptive 
EDGE  Architecture  are  available  now, 
including  the  HP  ProCurve  Switch  5300, 
which  debuted  last  summer.  The  5300  is 
an  edge  switch  that  uses  HP-engineered 
ASICs  to  support  the  new  architecture  and 
ensure  the  edge-based  control. 

“Anything  in  the  data  path  has  to  be  in 
ASIC,”  Bhagavath  says.  “In  Ethernet 
switches,  there  really  isn’t  a  control  plane, 
it’s  mostly  data  plane,  so  it  makes  sense 
that  this  would  be  implemented  in  ASICs.” 

At  a  street  price  of  just  $65  per  1 0/1 00 
port,  the  5300  can  handle  a  broad  range  of 
security  chores  as  well  as  Layer  3  and  4 
traffic  prioritization  features.  For  example, 
the  5300  lets  administrators  assign  a  user 
to  a  virtual  LAN  within  the  AAA  server  data¬ 
base  and  then  use  802.1  x  to  enforce  that 
assignment. 

“Products  like  the  5300  let  customers 
deploy  next-generation  intelligence  at  the 
network’s  edge  at  an  affordable  price 
point,”  Clark  says. 

AN  INDUSTRY-STANDARD 
PATH  TO  THE  FUTURE 

HP  will  build  on  the  family  of  ASICs  used 
in  the  5300  to  deliver  additional  command 
from  the  center  products  in  phases 
throughout  the  rest  of  this  year  and  into 
2004.  New  functions  will  include  support 
for  additional  databases  and  authentica¬ 
tion  servers. 

As  it  evolves,  the  HP  ProCurve  Adaptive 
EDGE  Architecture  will  deliver  on  five  key 
areas,  consistently  employing  industry 
standards  to  support  control  to  the  edge. 
“The  whole  idea  is  to  support  industry 
standards,”  Clark  says.  “The  last  thing 
organizations  need  is  to  get  locked  in  to  a 


proprietary  technology  as  networks  and 
applications  evolve.”  The  five  areas  are: 

•  Providing  end-to-end  traffic  monitoring 
to  control  bandwidth  optimization  across 
the  network 

•  Full  integration  of  industry-standard 
VLAN  and  security  to  provide  access  man¬ 
agement  features  unavailable  on  non- 
EDGE  enabled  ports 

•  Industry-standard  traffic  routing  and 
Layer  2  meshing  for  path  failover  and  mul¬ 
tipath  load  balancing 

•  Traffic  prioritization  features  to  provide 
traffic  type  coexistence  and  CoS  functions 
for  current  and  future  convergence  needs 

•  Centralized  command  of  the  edge  for 
easy  implementation  and  management  of 
end  user  security  and  application  policies 

The  HP  ProCurve  Adaptive  EDGE 
Architecture  is  poised  to  enable  today’s  net- 
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works  to  evolve  to  meet  new  business  needs. 

“As  more  advanced  applications  like 
mobility  and  multi-service  networks 
become  pervasive,  more  functionality  must 
exist  at  the  edge  of  the  network  to  charac¬ 
terize  and  isolate  traffic,”  says  John 
McHugh,  vice  president  and  general  man¬ 
ager,  HP  ProCurve  Networking  Business. 
“The  new  generation  of  network-based 
applications  customers  are  implementing 
can  deliver  real  efficiencies,  but  can  also 
make  the  underlying  networks  far  too 
complex  and  expensive  if  not  architected 
appropriately.  Only  the  HP  ProCurve 
Networking  Adaptive  EDGE  Architecture 
lets  customers  implement  the  needed 
functionality  at  prices  they  can  afford.” 


The  Extended  Enterprise  Issue 


XTENDED  ENTERPRISES 


We’ve  arrived  at  the  next  phase  in  e-business  development,  complete  with  its  own 


The  extended  enterprise  model 

Shared  IT  resources  comprise  the  nucleus  of 
this  next-generation  business  infrastructure. 
Security  perimeters  protect  the  nucleus  and 
each  additional  layer.  Access  is  based  on  role 
rather  than  physical  location. 
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The  model  grows  up 

Extended  enterprises  —  which  go  by  many  names 
(see  related  story,  page  45)  —  let  constituents  work  in 
real  time  across  heterogeneous  environments,  and 
across  public  and  private  networks,  to  get  needed 
information  to  the  right  person  or  application.  While 
architectural  details  vary  from  company  to  company  a 
generic  conceptual  model  of  the  extended  enterprise 
has  begun  to  emerge. Tliis  model  shows  a  big  architec¬ 
tural  shift  (and  more  complex  design)  from  the  hub- 
and-spoke  model  of  the  mainframe  or  the  three  tiers 
of  client/server  (on  which  early  e-business  systems, 
too.  were  modeled). 

Imagine  a  dartboard.  Core  IT  resources, such  as  hard¬ 
ware,  mission-critical  software  and  data,  go  in  the 
bull's-eye,  while  e-business-related  applications  for  cus¬ 
tomers,  partners  and  roving  employees  reside  in  the 
next  ring.  A  security  perimeter  meant  to  restrict  access 
protects  each  ring.  Public  data  or  consumer  applica¬ 
tions, if  a  company  has  any,  go  in  a  third  ring.  A  securi¬ 
ty  peri  meter  also  protects  this  ring,  although  it  is  less 
rigid  than  the  perimeters  for  the  inner  rings  because 
its  goal  is  to  protect  content,  not  to  restrict  access. 
Applications  residing  in  the  e-business  or  public  layers 


might  call  on  data  and  network  connections  in  the 
core, should  they  have  the  security  authority  to  do 
so.  Users  rely  on  the  gamut  of  network  connections 
to  access  their  areas  of  the  extended  enterprise. 

Complexity  at  the  core 

Simple  enough  ...  or  is  it?  Defining  what  falls  in  the 
core  can  get  complicated  fast  because,  in  the  extend¬ 
ed  enterprise,  those  IT  resources  don’t  all  belong  to 
you.  Ownership  slops  over  neatly  defined  perimeters 
into  customer, supplier,  business  partner  and,  in  some 
cases,  employee  domains  (in  the  latter  case,  through 
PDAs,  cell  phones  and  DSL  connections). 

When  zooming  in  on  those  core  IT  resources,  we 
see  five  elements,  owned  and  shared  among  the 
four  user  groups.  First  we  find  business-critical  appli¬ 
cations,  such  as  those  used  for  the  general  ledger  or 
for  manufacturing  control. These  are  often  Webified. 
An  order-entry  application  residing  in  the  middle  or 
outer  ring  might  ask  for  data  from,  or  feed  data  into, 
the  core  general  ledger  application.  But  customers 
do  not  get  direct  access  to  the  core  application, 
which  is  heavily  protected  from  anyone  outside  the 
company  —  and  even  from  many  employees. 


Middleware  glues  the  applications  together  and  acts 
as  the  go-between  for  the  user  interface  and  data,  or 
the  network  management  tasks.  Servers  and  storage 
come  next,  contributing  processing  power  and  data 
management. This  depends  on  network  hardware  to 
transport  the  information,  and  all  of  it  rests  on  meth¬ 
ods  for  connecting  to  the  extended  enterprise. 

These  symbiotic  IT  relationships  create  a  service-ori¬ 
ented  business  ecosystem.  Here’s  how  the  order-entry 
process  might  work  within  such  an  environment: 

A  customer  (or  automated  system  via  Web  serv  ices) 
places  a  product  order  through  a  Web-based  applica¬ 
tion. The  application  verifies  the  product  is  in  stock, 
calculates  total  cost  by  adding  in  shipping  fees  it  has 
retrieved  from  the  appropriate  business  partner  and 
issues  an  electronic  invoice. Then,  because  fulfilling 
the  order  drops  internal  stock  below  a  predetermined 
threshold,  the  application  sends  suppliers  a  bid  re¬ 
quest  for  raw  materials.  But  that’s  not  all. The  applica¬ 
tion  checks  with  a  CRM  system  to  determine  whether 
the  customer  needs  a  purchase  order  number.  If  so,  it 
requests  one,  which  triggers  creation  of  a  purchase 
order  on  the  customer’s  end.  Confirmation  numbers 
are  exchanged  and  payment  is  collected  and  sent  to 
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ing  purchasing  decisions  on  new  enterprise  applica¬ 
tions.  More  than  90%  of  respondents  said  they  want 
new  applications  to  have  solid  security  features  as  a 
result  of  the  extended  enterprise.  More  than  three- 
quarters  also  want  support  for  Web  standards  and  a 
clear  strategy  for  how  the  vendor  plans  to  implement 
Web  services. The  ability  to  integrate  with  external 
partner  applications  is  considered  by  61%,  and  45% 
want  their  new  enterprise  applications  to  be  outfitted 
for  mobility  and  wireless  access. 

Readying  the  infrastructure  for  an  extended  enter¬ 
prise  model  also  means  embedding  intelligence  into 
the  network  in  every  feasible  way.  Improved  automa¬ 
tion  methods  within  storage,  server,  routing  and  net¬ 
work  management  products-  will  let  systems  heal 
themselves.This  will  improve  resiliency  when  so 
much  rides  on  a  single,  interwoven  system.  Such 
intelligence  also  promises  to  ease  problem  diagnosis 
—  a  sticky  issue  when  multiple  parties  own  systems. 

But  most  importantly,  network  executives  must  take 
responsibility  for  visionary  leadership. Your  work  now 
touches  everyone  who  comes  in  contact  with  your 
company. The  changes  in  your  IT  systems  affect  how  ; 
your  company  does  business  and  vice  versa. ■ 


the  general  ledger  application. 

Customers,  on-site  customer  service  repre¬ 
sentatives  and  traveling  salespeople  would 
use  this  same  order-entry  business  service. 
Other  people,  too,  would  tap  in:  the  accounts 
receivable  people  at  the  company  looking  to 
validate  data,  suppliers  and  third-party  part¬ 
ners  (such  as  shippers)  looking  to  issue  their 
own  invoices,  and  accounts  payable  people  at 
the  customer,  looking  to  reconcile  accounts. 


Elegant  and  intermingled 

Intermingled  ownership  no  doubt  causes 
problems.  For  instance,  how  can  data  be 
coded  so  everyone’s  systems  can  understand 
it  easily?  How  can  a  persons  identity  and  role 
be  determined  when  location  is  no  longer  a 
factor?  How  can  reliability  be  increased  and 
finger-pointing  minimized  when  a  system  fail¬ 
ure  occurs? 

Still. gazing  past  such  short-term, technical 
issues,  we  can  see  that  the  extended  enter¬ 
prise  is  an  elegant  design.  Sharing  a  single 
ecosystem  is  certainly  more  efficient  than 


telling  every  company  to  fend  for  itself. Through 
widespread  initiatives  such  as  myriad  Web  ser¬ 
vices  development  efforts  and  the  Liberty 
Alliance’s  identity  management  specifications, 
the  network  industry  is  trying  to  address  the 
technical  burdens  of  sharing  data,  software  and 
hardware. 

Network  executives  who  get  involved  in,  or  at 
least  follow,  these  efforts  will  be  ahead  of  the 
competition  as  extended  enterprises  proliferate 
and  grow  more  sophisticated.  (They  will  also 
get  their  say  on  how  their  data  should  be 
shared.) 

In  a  survey  of  150  Network  World  readers 
conducted  in  December  2002,  we  found  that 
most  organizations  have  begun  the  design  and 
development  phase  of  their  extended  enter¬ 
prises,  which  they  see  as  growing  in  business 
importance.  Some  98%  of  respondents  said  the 
extended  enterprise  has  some  level  of  impor¬ 
tance  to  the  successful  operation  of  business, 
with  84%  calling  that  level  either  “important,”  or 
“very  important.” 

And  the  extended  enterprise  concept  is  shap¬ 


Name  that  network 

Nearly  all  industry  thinkers  agree  that  a 
major  shift  is  taking  place  in  e-business 
infrastructure  development.  The  term 
‘extended  enterprise'  is  used  commonly, 
but  here  are  a  few  others: 

•  The  real-time  enterprise.  This  term 
focuses  on  the  speed  at  which  information 
becomes  available.  When  all  constituents 
are  armed  with  data  in  real  time,  latency 
among  automated  IT  systems  and  human 
decision-makers  is  virtually  eliminated. 
This  squashes  inefficiencies  and  increases 
revenue  per  employee,  so  the  premise 
says.  Meta  Group  predicts  that  the  real¬ 
time  enterprise  will  be  the  norm  by  2008. 
By  then,  it  says,  most  companies  will  have 
converted  their  current  collection  of 
batch-processing  and  near-real-time 
information  systems  to  super-speedy, 
“just-in-time”  processes. 

•  Dynamic  commerce  services.  IDC  uses 
this  phrase  to  underscore  the  platform- 
independent,  Web  services  aspect  of  the 
next-level  e-business  infrastructure.  IDC 
predicts  Web  services  will  grow  from  a 
$1.6  billion  market  in  2004  to  $34  billion  by 
2007,  when  tallying  up  software,  services 
and  hardware  sales. 

•  The  virtual  extended  enterprise. 

Burton  Group  couples  this  term  with  a 
conceptual  model  that  names  four  lay¬ 
ers:  resource,  control,  perimeter  and 
extended  perimeter.  These  correspond, 
respectively,  to  basic  IT  services  of  the 
network,  servers  and  data;  employees 
and  security  systems;  partners;  and 
suppliers  and/or  customers. 

—  Julie  Bort 


Grainger  CIO  Tim  Ferrarell 
describes  how  this  industrial 
products  and  e-business  leader 
has  extended  its  reach  to 
customers  and  suppliers. 


Grainger,  a  75-year-old  industrial  products  giant, 
has  a  laser-like  focus  when  it  comes  to  serving  its 
1.5  million  customers  on  their  terms.  The  com¬ 
pany,  which  supports  manufacturing  facilities  in 
markets  ranging  from  hydraulics  to  office  sup¬ 
plies,  has  harnessed  the  Web  to  reach  buyers  and 
to  monitor  its  1,200  suppliers. 

Consider  Grainger’s  Web  application  Supply 
Chain  Sentry,  which  the  Chicago  company  uses  to 
rectify  problem  shipments.  If  Grainger  receives  a 
damaged  shipment,  it  takes  a  digital  photo  and 
sends  it  to  the  supplier.  The  supplier  can  dash  off 
the  replacement  merchandise  after  using  the  digi¬ 
tal  snapshot  to  verify  the  damage.  A  vigilant  gate¬ 
keeper,  Supply  Chain  Sentry  also  uses  paging 
technology  and  pop-up  windows  to  alert 
appointed  contacts  at  suppliers  of  potential  prob¬ 
lems  with  shipments.  CIO  Tim  Ferrarell  describes 
this  unique  application  and  others  Grainger  uses 
in  its  extended  enterprise  in  an  interview  with 
Jennifer  Jones,  on  assignment  for  Network  World. 


What  makes  Grainger  unique? 

What  separates  us  is  our  use  of  IT  to  integrate  our  vari¬ 
ous  sales  channels. This  integration  helps  Grainger  pro¬ 
vide  seamless  service  to  customers  whether  they  order 
via  phone,  fax,  the  Internet  or  the  branch  location. 
Grainger’s  goal  is  to  make  it  easy  for  customers  to  find 
the  products  they  need  and  get  them  quickly. 

Saving  customers  time  and  effort  requires  being  close 
by  with  solutions  to  their  problems.  Grainger  accom¬ 
plishes  this  is  by  deploying  ‘dispensing  and  locker’  tech¬ 
nologies  at  customer  sites. These  allow  us  to  get  inventory 
closer  to  the  customer  so  it’s  there  when 
needed. This  equipment  must  be  con¬ 
nected  to  customers  and  to  Grainger,  and 
work  in  a  highly  integrated  fashion. 

Give  us  some  details  on  dispensing 
and  locker  technologies.  How 
are  they  part  of  your  extended 
enterprise? 

Historically  customers  who  wished  to 
carry  an  inventory  of  frequently  used 
products  on-site  stored  them  in  a  tool 
crib  or  some  other  manned  storage  facil¬ 
ity  The  challenges  with  this  approach  are 
typically  record-keeping  and  inventory 
control.  Inventory  costs  and  service  levels  can  get  out  of 
hand  in  a  hurry. 

Now  Grainger  provides  automated  dispensing  equip¬ 
ment,  which  is  connected  to  a  customer’s  purchasing  sys¬ 
tem  and  to  Grainger’s  supply  chain. The  dispensers  look 
like  industrial-strength  candy  machines  but  act  more  like 
[automated  teller  machines]  .They  only  release  supplies 
to  properly  identified  and  authorized  users.Transactions 
are  posted  immediately  to  all  affected  accounts.The  sys¬ 
tem,  available  24-7,  generates  more  accurate  accounts 
than  manual  processes.  Customers  know  what  is  being 
used,  who  is  using  it,  the  purpose  it’s  being  used  for  and 

other  pertinent  information. 

The  automated  dispensers  also  provide  Grainger 
with  a  purchase  history  so  products  can  be 
replenished  as  needed. The  result  is  no 
more  ‘stock  out’  [notices]  or  excess 
inventory.  Service  quality  goes  up, 
and  money  wasted  on  excess 


inventory  gets  invested  elsewhere. 

Grainger’s  lockers  work  in  a  similar  fashion,  except 
they  are  controlled  delivery  points  for  previously  placed 
orders.To  extend  our  business,  we  realized  we  had  to 
have  an  architecture  that  let  a  lot  of  what  we  do  happen 
at  the  edge  of  the  enterprise.  We  maintain  a  competitive 
advantage  by  providing  the  easiest  access  to  our  cus¬ 
tomers  at  the  point  closest  to  their  actual  need.  We  grew 
a  $4  billion  business  [this  way]. 

Now  technology  is  enabling  that  strategy  to  go  a  lot 
further. Through  our  dot-com  initiative,  we’re  pushing 
even  closer  to  the  customer  with  fea¬ 
tures  such  as  search  capabilities  that 
allow  users  to  select  product  lines  and 
have  access  to  those  products  24-7. 

We  think  of  this  as  a  multichannel 
model.  Whether  a  customer  clicks  on¬ 
line,  places  a  call  or  stops  by,  the  transac¬ 
tion  needs  to  flow  into  the  same  system. 
Naturally  that  has  posed  challenges  for 
our  network.  But  we’ve  managed  to 
accomplish  this  by  harnessing  the 
efforts  of  vendors  such  as  WebMethods 
and  by  using  technology  such  as  [elec¬ 
tronic  data  interchange], We  use  the 
connectivity  tools  that  work  for  our  cus¬ 
tomers.  EDI  will  be  around  for  a  while,  and  we  will  offer 
it  to  customers  who  prefer  it.  WebMethods  [integration 
software]  connects  our  Web  site  to  our  core  order  man¬ 
agement  system. 

What  challenges  did  you  face  in  building  your 
extended  enterprise? 

Security  comes  immediately  to  mind.  Because  our  net¬ 
works  were  designed  to  keep  transactions  inside  the 
basic  system,  we’ve  had  to  employ  many  of  the  more 
common  security  checks.  Security  also  is  an  issue  in  that 
we  constantly  keep  pushing  the  boundaries  of  where 
information  and  transactions  take  place.  For  example, 
there  is  now  a  move  among  manufacturers  to  incorpo¬ 
rate  the  use  of  handheld  access  devices  into  their  sys¬ 
tems,  and  that  can  easily  leave  a  system  exposed  if  safe¬ 
guards  are  not  in  place. 

Grainger  is  moving  from  a  location-based  security 
model  to  a  role-based  security  model.  In  doing  so,  we 
will  need  a  convenient  and  effective  authentication 
mechanism  to  provide  secure  access.  We  are  experi¬ 
menting  with  physical  and  software  tokens,  and  we 
might  consider  biometrics. 

What’s  next  for  your  infrastructure? 

For  us,  the  future  always  rests  with  the  needs  of  our  cus¬ 
tomer.  For  example,  we  might  be  supporting  a  main¬ 
tenance  person  who  is  working  in  a  100,000square-foot 
manufacturing  plant,  where  the  inventory  room  is  at  the 
far  corner,  and  he  wants  to  place  an  order  from  the  other 
side  of  the  facility  This  person  does  not  want  to  waste 
time  and  must  have  in  his  pocket  all  of  the  information 
he  needs  to  place  an  order. Those  are  the  kinds  of  practi¬ 
cal  challenges  that  are  of  major  importance  to  us. 

Jones  is  a  freelance  writer  in  Vienna,  Va.  She  can  be 
reached  at  jjwriterva@aol.com. 


Grainger  receives 
approximately 

150,000 

orders  and 
handles  about 

300,000 

customer  contacts 
daily. 


■  Jk  ■ ;  ,  :  ■  ;  ■  : 

Waters  continue  to  rise.  Winds  are  relentless.  Even  a  year  ago 

■ 


Communications  Queen. 


* 


i'i wh/f*  '•  •. . v  .  .  1; 

»K,! 


r  JatP, 


^|PP« 


> 


V. 


Saw; 


■ 


m 


m 


T 


Y:i:- 


■/v" 


a  drop  of  emergency  supplies  under  such  conditions  would 


ive  been  nearly  impossible.  But  with  network  capabilities 
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media,  employees  like  Rachel  can  coordinate 
multiple  teams  in  scattered  locations.  And  stay  in  constant 


Meet  Rachel.  Crisis  Coordinator. 


contact  as  weather  patterns  quickly  shift  drop  coordinates.  At 


Nortel  Networks,  we  call  this  "the  engaged  business  model" 


And  we  make  it  happen  by  allowing  businesses  to  engage  their 
employees  with  ways  to  work  more  productively  as  teams. 
Eliminating  boundaries  by  anticipating  user  needs.  Delivering 
critical,  time-sensitive  information  on  whatever  device  they  can 


access.  Encrypted  for  security,  info  gets  to  where  it  needs  to  go 
and  nowhere  else.  End  of  story:  Rachel  and  her  team  save  time 
and  money  as  they  race  to  help  people  in  need.  All  delivered 
by  our  enterprise  vision.  One  network.  A  world  of  choice. 
nortelnetworks.com/onenetwork 
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extended  enterprise 
get  tough  on  wayward 
VPN  users  with  new 
remote  policy 
enforcement  tools. 


■  BY  JOANNE  CUMMINGS 


A  developer  takes  her  laptop  home  to  get  extra 
work  done.  Before  she  starts,  she  disables  her  anti¬ 
virus  software  because  it  scans  every  file  and  tends  to 
bog  down  the  compile.  The  code  compiles,  she 
checks  her  work  and  is  done  with  it  for  the  evening. 
She  then  reads  a  few  e-mails  in  her  personal  account 
and  surfs  a  couple  of  Web  sites.  Before  logging  off  for 
the  night,  she  decides  to  upload  her  just-finished 
code  to  the  office  server,  so  she  accesses  the  corpo¬ 
rate  LAN  remotely  via  VPN.  Unfortunately,  she  forgets 
to  reactivate  her  antivirus  software,  and  unbe¬ 
knownst  to  her,  the  laptop  has  become  infected 
with  the  Nimda  worm.  The  result  is  Nimda 
wreaks  havoc  across  the  corporation. 
Welcome  to  Dennis  Peasley's  nightmare. 

A  scenario  much  like  this  one  led  Peasley. 
corporate  information  security  officer  at 
Zeeland,  Mich.,  office  furniture  giant 
Herman  Miller,  to  roll  out  a  new  breed  of 
security  tool  —  remote  policy  enforcement 
software  —  to  900  remote  users  worldwide. 
“If  we  had  remote  policy  enforcement  in 
place  at  the  time,  Nimda  never  would  have  gotten 
into  the  network,"  says  Peasley.  who  now  uses  Zone 
Labs’  Integrity  remote  policy  enforcement  tool.  "We 
never  would  have  let  the  developer  in  until  the  fire¬ 
wall  and  antivirus  [signatures]  were  up  to  date." 


Babysitting  network  access 

Within  the  last  year  or  so,  remote  policy  enforce¬ 
ment  tools  have  become  available  from  vendors  such 
as  InfoExpress,  Sygate  Technologies  and  Zone  Labs. 
The  tools  consist  of  client  software,  which  has  per¬ 
sonal  firewall  and  management  pieces,  and  server 
software  that  communicates  with  the  client  and  inte¬ 
grates  with  the  corporate  VPN.  The  tool  checks 
whether  remote  VPN  users  have  specific  files 
installed,  active  and  working  properly,  such  as  per¬ 
sonal  firewalls  and  antivirus  programs.  If  the  remote 
machine  doesn't  meet  corporate  security  require¬ 
ments,  network  access  is  denied. 

Offending  users  are  then  redirected  to  a  “quaran¬ 
tine”  area  on  the  remote  policy  enforcement  server, 
from  where  they  are  prompted  to  turn  on  the  fire¬ 
wall,  restart  the  antivirus  program  or  download  the 
latest  signatures  —  whatever  is  required  to  come 
into  compliance.  Only  when  the  remote  machines 
meet  the  specified  security  profile  are  they  granted 
access  to  the  corporate  network. 

“When  remote  users  connect  to  Herman  Miller,  all 
they  can  get  to  is  the  Integrity  server,"  Peasley  says. 

“It  checks  that  they  have  the  Integrity  client  software 
running  and  that  they  have  their  personal  firewall  and 
the  latest  antivirus  [signatures].  It  works  as  a  logical 
[demilitarized  zone]  in  our  environment.  Once  they 
have  all  the  criteria  satisfied  for  connecting  in,  then 
the  system  lets  them  log  on  to  the  rest  of  the 
domain.” 

Early  users  say  the  tools  are  far  better  than  a  VPN 
alone.“VPN  vendors  should  have  had  something  like  this 

See  Policy,  page  50 


Dennis  Peasley,  corporate  information 
security  officer  at  Herman  Miller, 
might  not  be  able  to  see  the  folks  sit¬ 
ting  at  the  furniture  giant's  remote 
offices,  but,  by  using  special  new  soft¬ 
ware,  he  can  force  their  compliance 
with  security  policy. 
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right  from  the  beginning.” says  Ken  Tyminski,  chief  infor¬ 
mation  security  officer  at  Prudential  Financial,  in 
Newark,  NJ. 

Prudential  is  rolling  out  Sygates  Secure  Enterprise 
remote  policy  enforcement  tool  to  20,000  remote  users 
who  currently  access  the  network  via  a  Nortel  VPN  (see 
related  story  at  www.nwfusion.com,  DocFmder:  4321). 

Like  most  companies,  we  have  a  secure  VPN,  but  having 
a  secure  VPN  and  someone  connected  over  it  who’s  not 
running  virus  protection  is  the  same  as  providing  a  very 
secure  conduit  for  spreading  a  virus.That’s  why  these 
tools  are  so  important,” he  says. 

Before  these  tools,  keeping  remote  machines  secure 
was  hit  or  miss,  users  say“Many  of  the  people  who  con¬ 


nect  remotely  to  us  do  so  infrequently  Tyminski  explains. 
“Virus  protection  gets  loaded  on  their  machine,  but  they 
don’t  get  the  updates  because  when  we  distribute  them 
internally,  their  machines  aren’t  connected.  We  distribute 
to  them  the  next  time  they  connect,  but  when  they’re 
coming  in  over  a  low-speed  connection  and  we  try  to 
push  some  of  the  signature  files,  it  takes  forever.  And  1  sus¬ 
pect  that  as  a  result  of  that,  people  disable  the  software. 
Sygate  ensures  that  the  software  is  stable  and  current.” 

The  tools  also  can  block  inappropriate  software.  Peasley 
says  Integrity,  through  the  firewall  piece,  logs  every  appli¬ 
cation  accessing  the  lnternet.“So  we  see  when  people 
are  running  Morpheus  for  peer-to-peer  sharing,  for  exam¬ 
ple,  which  we  don’t  allow  in  our  environment,”  he  says. 
“We  then  block  those  with  the  firewall.  But  we  can  also 
see  the  new  ones  show  up  and  address  them  as  we  see 
fit.  It’s  very  proactive." 

Tyminski  agrees.“You  wouldn’t  want  somebody  running 
a  music-sharing  program  while  connected  to  us. Sygates 
too!  lets  us  check  the  remote  machine  for  things  like 
Napster  or  Gnutella  and  then  block  access  if  it  finds  them," 
he  says.  Once  the  offending  software  is  removed,  the 
remote  machine  can  be  granted  access  to  the  network. 

The  software  also  ensures  that  the  remote  PC  is  running 
current  levels  of  corporate  software. 

Enterprise  challenges 

Still,  the  tools  aren't  perfect. They  mostly  grew  up  from 
consumer-based  personal  firewall  products, and  that  can 


make  configuring  them  to  manage  thousands  of  users  dif¬ 
ficult. 

“This  market  is  backwards,” says  Jason  Wright,  industry 
analyst/program  leader  for  security  technologies  at 
Frost  &  Sullivan.“Most  security  technologies  start  tar¬ 
geted  to  the  large  enterprise,  and  then  filter  to  the  mid¬ 
dle  market, small  office/home  office  and  consumer. 
Remote  policy  enforcement  tools  started  at  the  con¬ 
sumer  end,  and  now  vendors  are  trying  to  build  up  the 
scale  to  address  the  enterprise  market.  But  starting  small 
and  then  building  in  enterprise-level  capability  and 
management  is  a  challenge.” 

To  that  end,  all  major  vendors  are  concentrating  on 
ease  of  management  in  their  latest  releases.  For  example, 
Zone  Labs’  Integrity  2.0,  which  debuted  at  Comdex  Fall 
2002,  now  lets  users  set  policies  based  on  user  groups, 

rather  than  simply  the  VPN 
gateway  they  access. 
Similarly, Sygates  latest  edi¬ 
tion  offers  better  reporting 
tools,  and  InfoExpress’  lat¬ 
est  version  of  Cyber- 
Gatekeeper  adds  support 
for  additional  types  of 
remote  computers,  includ¬ 
ing  Macintosh  and 
Windows  CE  systems. 

“If  you  can’t  manage 
something  or  configure  it 
correctly,  then  it  won’t  be 
secure. These  tools  are  get¬ 
ting  better  in  that  respect. 
We’re  seeing  more  features, 
more  options,  better  intu¬ 
itive  interfaces,  all  of  which 
will  improve  the  usability 
and  the  security.  But  it’s 
something  to  be  aware  of,” 
Wright  says. 

The  current  tools  also  are 
fairly  dependent  on  the 
VPN  installed,  and  those 
that  can  be  managed  from 
the  VPN  console  provide 
the  most  functionality 
When  bundled  with  the 
Cisco  3000  Series  VPN  products,  Integrity  can  rely  on  the 
VPN  to  ping  the  remote  machine  constantly  and  ensure 
compliance  even  after  initial  logon.  Similarly,  InfoExpress 
and  Sygate  have  a  handful  of  VPN  partnerships  in  place 
and  are  scrambling  to  get  more. 

“Users  really  hate  having  two  management  consoles  — 
one  for  the  VPN  and  one  for  the  endpoint  security’ 

Wright  says. 

Cost  also  is  a  factor.  In  the  past  year,  Herman  Miller’s 
Pfeasley  has  seen  Integrity’s  per-licensing  cost  nearly  dou¬ 
ble  as  Zone  Labs  adds  functionality  and  keeps  up  with 
the  going  market  rate.  His  initial  rollout  to  900  users  cost 
about  $30  per  seat,  or  $27,000.  Now,  licensing  the  tool  for 
400  users  is  going  to  cost  him  about  $25,000,  he  says.Tm 
still  going  to  buy  the  licenses,  but  I  can’t  do  the  whole 
enterprise  as  planned,”  Peasley  adds,  noting  that  he  had 
wanted  to  outfit  each  of  the  company’s  1 ,600  laptops 
with  the  software. “That’s  getting  nuts.” 

To  avoid  such  sticker  shock,  Paul  Burroughs,  IT  project 
manager  for  VPN  support  and  systems  integration  at 
KPMG,in  Montvale.N.J.,  plans  to  buy  licenses  for  all  seats 
at  once.  Burroughs  is  considering  several  remote  policy 
enforcement  tools,  including  InfoExpress’ Cyber- 
Gatekeeper,  to  protect  his  more  than  26,000  users. 
InfoExpress  charges  $6,500  per  server,  which  supports 
10,000  concurrent  users. 

“We’re  going  to  roll  [remote  policy  management]  out 
to  everyone  because  we  rolled  our  remote-access  prod¬ 
uct  out  to  everybody  Burroughs  says.“Whether  they’re 


Mow  remote  policy  enforcement  tools  work 

O  A  user  establishes  a  VPN  connection  to  the  corporate  network  and  the  remote 
policy  enforcement  client  software  scans  the  PC.  It  sends  a  log  to  the  enforcement 
server,  which  collaborates  with  the  VPN  concentrator. 

©  The  enforcement  server  audits  the  PC  log  for  conformance  with  corporate 
software  policy.  For  example,  it  verifies  that  personal  firewall  and  antivirus 
software  are  turned  on  and  up  to  date. 

©  If  the  PC  meets  software  policies,  the  enforcement  server 
allows  access  to  corporate  resources. 

©  If  the  PC  is  not  in  compliance,  because  anti¬ 
virus  software  is  turned  off,  for  example  — 
the  enforcement  server  denies  access, 
redirecting  the  user  to  a  “quarantine” 
area  on  the  server  and  prompts  for 
restarting  the  missing  application. 

©  Once  the  user  updates  the  PC  L  server  with 

appropriately,  the  enforcement 
server  allows  access. 
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LAN: 


using  remote  access  or  not  yet,  we  have  to  do  that.  But 
we  re  going  to  buy  all  26,000  licenses  upfront, so  we 
avoid  those  pricing  issues.” 

Prudential’s  Tyminski  plans  to  deploy  policy  enforce¬ 
ment  servers  to  protect  the  network  internally,  he  says. 
This  will  stop,  for  instance,  the  case  where  a  user  physi¬ 
cally  traverses  the  safeguards  by  entering  the  office, yank¬ 
ing  out  a  sanctioned  machine  to  plug  in  a  laptop.  Using 
Sygate  will  deny  that  user  network  access. 

“When  you  think  about  it, "Tyminski  says, “the  ability  to 
control  someone  who’s  connected  to  your  network, 
whether  remotely  or  locally  to  enforce  your  policies 
is  key” 

Cummings  is  a  freelance  writer  in  North  Andover,  Mass. 
She  can  be  reached  at  jocummings@attbi.com. 


Five  critical  decision  points 

Ask  vendors  these  five  questions  to  determine 
the  best  policy  enforcement  tool  for  you. 

1.  How  well  does  it  work  with  your  VPN? 

"You  want  to  see  if  the  vendor  has  partnerships  and 
understand  how  tightly  it  can  integrate  with  the 
[existing]  VPN  gateway  and  management  console," 
says  Jason  Wright,  an  analyst  with  Frost  &  Sullivan. 

2.  How  well  does  it  scale?  A  tool  that  can 
manage  and  enforce  policies  for  900  remote  users 
might  have  trouble  scaling  to  26,000. 

3.  How  easy  is  it  to  manage?  Ideally,  the 
remote  policy  enforcement  and  VPN  software 
can  be  managed  from  one  console. 

4.  Can  it  enforce  policies  beyond  the 
existence  of  firewalls  and  antivirus? 

The  best  tools  ensure  the  latest  versions  of 
firewall  and  antivirus  signatures  are  in  place, 
as  well  as  the  standard  operating  system  and 
office  productivity  software.  It  should  also  be 
able  to  block  nonsanctioned  software. 

5.  How  well-designed  is  its  quarantine 
area?  The  point  of  remote  networking  is  lost 
if  access  is  denied  and  productivity  thwarted. 
Tools  should  provide  a  safe,  easy-to-navigate 
area  where  users  can  get  in  line  with  security 
policies.  The  best  tools  offer  Web-based 
quarantine  areas  with  user-defined  hotlinks 
to  virus  signatures  or  other  downloads. 

—  Joanne  Cummings 
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More  online 

Visit  the  Extended  Enterprise  portal 
on  fusion  for  remote  policy 
enforcement  tool  pricing  data. 
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Halliburton's  IT  team  and  business  developers, 
includinng  (from  left)  Shawn  LeBlanc,  Art  Huff¬ 
man  and  Brandon  Lackey,  take  a  no-nonsense 
approach  when  it  comes  to  making 
myHalliburton.com  an  indispensable  resource 
for  customers,  suppliers  and  employees. 
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PICKING 
THE  WINNER 

j.l;: the  Extended  Enter- 
;  prise  Innovator  Award 

:  honors  user  organiza¬ 

tions  for  significant 
projects  that  connect 
employees,  customers 
and  business  partners 
through  one  technol¬ 
ogy  architecture.  Net¬ 
work  industry  profes¬ 
sionals  submit  nomi¬ 
nations,  which  Net¬ 
work  World  editors 
evaluate  for  technical 
sophistication,  innova¬ 
tion  and  business 
impact. 

This  year,  oil  indus¬ 
try  giant  Halliburton 
wins  the  award  for 
a  complex  business 
portal  rich  with  inter¬ 
active  tools,  collabo¬ 
rative  applications 


and  e-commerce  cap¬ 
abilities,  The  portal 
draws  on  the  compa¬ 
ny’s  back-end  ERP 
applications  and 
serves  employees, 


ENTANGLEMEN1 


customers  and  sup¬ 


pliers.  In  its  first  year 
of  operation,  the  my- 
Halliburton.com  por¬ 
tal  influenced  a  re¬ 
ported  $120  million  in 
;  sales,  improved  cor- 
'  porate  efficiencies  to 
the  tune  of  $500,000 
i  and  led  to  reduced 
^ .bilhpayment  cycles. 

Already  a  big  thrust, 
;Yiss)iJabbration  promis- 
v^.t&$edome  a  portal 
^HUh^rk  as  de.velop- 
‘'  ^YvCbfkSider  addi- 
, ways'  of  open- 
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Halliburton  wins  the 
2003  Extended 
Enterprise  Innovator 
Award  for  creating  a 
sophisticated  yet  easy- 
to-use  portal  that  deliv¬ 
ers  rich  technical  con¬ 
tent,  interactive  tools, 
collaborative  features 
and  e-commerce  func¬ 
tions  for  customers,  sup¬ 
pliers  and  employees. 


BY  BETH  SCHULTZ 


enevolent  entanglement.”  The  phrase  might  be  a  mouthful,  but 
the  concept  is  what  building  an  extended  enterprise  network 
ought  to  be  all  about,  says  Brandon  Lackey,  portal  program 
manager  at  energy  industry  giant  Halliburton.  In  other  words, 
involve  customers  and  suppliers  in  a  business  ecosystem  that 
provides  such  high  value,  so  simply,  few  would  leave  it. 

“We  want  our  customers  to  be  so  enamored  with  our  simple  processes,  ease  of 
use  [and  value  provided  through  the  portal]  that  they  would  never  switch  from 
Halliburton  based  on  marginal  price  differences,”  Lackey  says. 

That's  the  vision  Lackey  followed  as  he  oversaw  the  initial  development  of  the 
myHalliburton.com  customer  portal,  and  that  guides  him  as  he  conjures  up  new 
ideas  for  how  to  extend  the  portal’s  usefulness.  Halliburton  has  now  invested 
approximately  $5.3  million  in  myHalliburton.com  and  has  earmarked  $2.4  mil¬ 
lion  annually  for  ongoing  development  of  the  portal,  already  rich  with  interac¬ 
tive  tools,  collaborative  applications  and  e-commerce  capabilities  that  draw  on 
the  company’s  back-end  ERP  system. 

MyHalliburton.com,  commercially  launched  in  January  2002,  has  become  the  des¬ 
tination  of  oil  company  technical  specialists  and  procurement  and  accounts 

See  Halliburton,  page  54 
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Real  storage  management  Meeting  user  data  storage 

v  :  •  :'v 

demands  is  becoming  increasingly  more  difficult  with  tighter  V . 

budgets  and  fewer  resources.  As  distributed  environments  . 

... 

migrate  toward  a  more  centralized  management  approach,  ^  ^ 
pressure  has  been  placed  on  the  ISV  software,  which  is  unable 
to  provide  a  "singular  interface"  to  manage  the  data  and 
its  supporting  physical  resources.  Join  keynote  speaker, 

W.  Curtis  Preston  and  leading  storage  software  and  hardware 
companies  as  they  respond  to  this  burgeoning  requirement 
in  our  upcoming  NSU  entitled:  Storage  Management 


Who  should  attend  this  FREE  seminar? 


•  IT  professionals  responsible  for  ensuring  data  availability 
and  for  implementing  enterprise  storage  strategies 

•  Those  who  influence  and  make  critical  technology  decisions 
for  their  company 

•  Professionals  who  know  that  smart  technology  decisions 
require  the  best  technology  partners 


For  more  detailed  information  visit  bur  website  at 

www.NetworkStorageU.com 
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emerging  applications. 

:  A  point  of  differentiation  between  myHalliburton. 

com  arid  many  other  portals  is  how  tightly  it  integrates 
with  a  back-end  ERP  system  —  in  this  case,  SAP's  R/3. 
Plumtree  Gadget  Web  Services,  special  Web  services 
components,  pull  data  from  the  SAP  application  to  give 
portal  users  the  ability  to  check  account  status,  sub¬ 
mit  invoices  and  conduct  other  business  transactions. 

Lackey  says  he  feels  inyHalliburton.com  is  one  of 
the  bigger  payoffs  from  a  previous,  five-year  ERP 
deployment.  “You  really  begin  to  understand  the  ben¬ 
efits  of  putting  in  an  integrated  SAP  system  when  you 
start  presenting  information  to  customers,  employees 
and  suppliers  through  a  portal  like  this.  It  becomes 
evident  why  you  went  through  all  the  pain,”  he  says. 

“The  portal  is  the  key  to  the  delivery  for  all  of  our 
new  IT  initiatives,"  adds  Art  Huffman,  company  CIO. 
“We  have  spent  the  last  several  years  implementing 
ERP  and  data-capturing  systems.  We  will  spend  the 
next  several  providing  visibility  into  that  information, 
analyzing,  interpreting,  reporting  and  measuring  it  to 
drive  our  business.  The  portal  will  provide  that  cus¬ 
tomized  and  personalized  platform  for  our  employ¬ 
ees,  managers,  customers  and  suppliers  to  interact 
with  each  other  in  a  common  environment,  hiding 
our  complex  IT  functions  in  the  background.” 

Halliburton  wins  our  2003  Extended  Enterprise  Inno¬ 
vator  Award  for  developing  an  extensive  collaborative 
portal  that  relies  on  integrated  ERP  functions  to  serve 
customers,  suppliers  and  employees.  In  its  first  year,  it 
influenced  $120  million  in  sales,  according  to  customer 
surveys;  improved  corporate  efficiencies  to  the  tune  of 
about  $500,000  by  enabling  better  access  to  technical 
documents;  and  led  to  reduced  payment  cycles. 

Using  explosive  apps 

Halliburton  is  one  of  the  world's  largest  providers  of 
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products  and  services  to  the  oil  and  gas  industries, 
employing  more  than  85,000  people  in  100  countries. 
The  company’s  extensive  customer  list  includes 
giants  such  as  ExxonMobil,  Chevron  and  Conoco, 
which  turn  to  it  for  products  and  services  running 
the  gamut  from  drill  bits  to  subsea  engineering.  With 
complexity  marking  the  relationship  between 
Halliburton  and  its  customers.  Lackey  knew  any 
broad  customer-related  project  he  undertook  would 
need  to  be  exceedingly  thorough  to  be  successful. 

So  after  Lackey  and  his  business  development 
team  dreamed  up  the  portal  concept  in  November 
2000,  they  spent  the  next  three  months  fleshing  it 
out.  Then,  guided  by  Microsoft  Solutions  Frame¬ 
work  Process  Model  for  IT  projects,  developers 
worked  on  the  portal  from  March  to  August  2001, 
and  ran  stabilization  and  pilot  tests  till  the  end  of 
September.  Feedback  came  from  the  highest  corpo¬ 
rate  levels,  with  the  vice  president  of  business 
development  providing  approvals  as  project  spon¬ 
sor.  The  site  was  available  to  select  customers  in 
October  2001,  and  to  all  by  the  following  January. 

Developers  focused  first  on  how  to  provide  cus¬ 
tomer  techies  —  the  geologists,  geophysicists  and 
production  engineers  working  for  major  oil  compa¬ 
nies,  for  example  —  access  to  technical  information 
on  the  “thousands  and  thousands”  of  products  and 
services  Halliburton  offers  from  a  user-friendly,  per¬ 
sonalized  environment,  Lackey  says.  White  papers, 
datasheets,  case  studies,  best  practices  —  these  were 
all  givens,  but  so  was  the  need  for  interactivity. 
Developers  understood  that  technologists  would 
highly  value  3-D  simulators,  unit  conversion  calcula¬ 
tors,  custom-tool  builders  and  other  interactive  tools, 
so  made  those  must-haves  from  the  get-go,  too. 

“This  is  not  your  typical  sales  and  marketing 
brochure  ware  site,”  Schmitzer  says.  He  tells  of  sim¬ 
ulators  that  let  engineers  see  how  explosives  would 
fire  off  in  a  borehole  or  how  a  perforation  might 
affect  an  operation,  for  example. 

Among  all  the  features  and  functions  found  in  the 
technical  portion  of  myHalliburton.com,  Lackey 
names  these  3-D  tool  simulators  and  the  way  in 
which  they’re  embedded  in  datasheets  as  what  he 
is  most  proud  of  about  the  portal.  “This  leverages 
all  the  value  of  the  Web  in  my  mind.  Now  we  have 
truly  interactive  technical  content,”  he  says. 

Such  interactivity  can  make  a  world  of  difference  in 
how  oil  company  engineers  do  their  jobs,  “We've 
seen  situations  where  customers  having  issues  with 
particular  drilling  tools  have  isolated  problems  really 
fast  using  simulators.  In  some  cases,  using  the  simula¬ 


tors,  customers  have  even  realized  that  problems 
they’re  encountering  are  because  of  the  well,  not  the 
drilling  tools,”  Lackey  says. 

And  when  oil  field  engineers  need  to  make  tough  on- 
the-job  decisions,  they  can  rely  on  real-time  visualiza¬ 
tion  of  well  sites  available  through  the  portal.  Schmitz¬ 
er  explains;  At  a  well  site,  Halliburton  often  has  30  to 
40  networked  trucks  loaded  with  equipment  for  data 
acquisition,  computer-aided  manufacturing  capabili¬ 
ties  and  an  Ethernet  connection  into  a  main  computer. 
Halliburton  processes  the  data  locally  and  uploads  it 
to  an  operations  center  in  Houston  over  satellite  links. 
It  analyzes  it  to  make  recommendations  to  customers, 
who  use  the  visualizations  for  confirmation  on  pump¬ 
ing  decisions.  “These  are  $1  million  jobs,  so  cus¬ 
tomers  want  to  make  decisions  quickly,”  he  says. 

Getting  the  bills  paid 

With  such  online  technical  tools  advanced  since  Jan¬ 
uary,  Halliburton  in  July  moved  into  the  second  phase 
of  development.  The  object  of  this  phase,  mostly  com¬ 
pleted  by  December,  was  to  open  Halliburton’s  inter¬ 
nal  workflow  processes,  via  ERP  functions,  to  custom¬ 
ers,  Lackey  says.  Customer  procurement  officers  and 
accounts  payable  managers  can  now  access  and  act 
on  invoices,  field  tickets,  job  schedules,  job  resources 
and  proposals  stored  in  Halliburton’s  ERP  system. 

“Plumtree  gadgets  let  us  take  applications  from  di¬ 
verse  back-end  systems  and  present  them  through 
the  portal  in  a  uniform  and  easy-to-use  fashion,”  Le- 
Blanc  says,  noting  that  myHalliburton.com  attaches 
to  more  than  200  applications. 

Anecdotal  evidence  suggests  that  letting  portal 
users  tap  into  back-end  ERP  functions  helps  cus¬ 
tomers  pay  their  bills  faster.  Halliburton’s  on-site 
support  personnel  report  reviewing  invoices  online 
with  customer  account  managers  rather  than  wait¬ 
ing  for  the  arrival  of  mailed  copies.  Online  reconcili¬ 
ation  means  payment  days  earlier,  Lackey  says. 

With  Halliburton’s  high-end  products,  “reducing  even 
just  one  day  in  outstanding  sales  will  deliver  signifi¬ 
cant  value,”  he  adds.  (Lackey  says  purchases  run  in 
the  hundreds  of  thousands-to-millions  range.) 

Halliburton  hopes  to  reap  even  greater  benefits  by 
extending  the  procurement  workflow  cycle  to  all  cus¬ 
tomers.  Ideally,  any  customer  would  be  able  to  han¬ 
dle  any  aspect  of  the  procurement  process,  from 
issuing  a  request  for  proposal  to  paying  the  bill, 
through  the  portal,  Lackey  says.  Halliburton  con¬ 
forms  to  the  American  Petroleum  Institute’s  XML- 
based  electronic  data  standards  for  the  procurement 

See  Halliburton,  page  56 


Technology  entanglement 

Halliburton  relies  on  Plumtree  Gadget  Web  Services  to  deliver  rich  portal  functionality. 
These  special  Web  services  components  pull  data  from  an  SAP  R/3  ERP  system  for: 
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Microsoft  SQL  Servers  for  SAP  database  and 
enterprise  application  integration  software 


Building  better  network : 
today  and  tomorrow. 

Help  lower  your  organization's  operational  and  f! 
maintenance  costs,  and  improve  productivity 
with  3Com  networking  solutions.  3Com  gives 
you  a  choice  in  voice  and  data  networking 
technologies,  wired  or  wireless,  modular 
or  stackable.  Whatever  your  networking 
environment,  3Com  offers  high  performance, 
practical-to-use,  innovative,  cost-effective 
enterprise  solutions  that  can  be  customized  to 
meet  your  current  and  future  business  needs. 

•  Build  a  distributed  core  network  that  allows 
you  to  incrementally  add  value  to  your 
infrastructure  one  piece  at  a  time  so  you  can 
avoid  getting  locked  into  an  expensive  chassis- 
based  system  that  doesn't  fit  your  current  needs. 

•  Deploy  solid  network  security  that  includes 
hardware  firewalls  for  individual  laptops  and 
desktops,  and  provides  hardcore  solutions  for  the 
rest  of  your  network. 


•  Revolutionize  your  organization's  infrastructure 
with  IP  Telephony  for  maximum  economic  and 
resource  efficiency. 


Needs  to  optimize  the  network  on  a  budget. 
Needs  to  plan  for  the  future. 


•  Help  improve  productivity  with  a  wireless 
network  that  encompasses  WLAN  and 
Bluetooth. 


Needs  choices. 


3Com  offers  compelling  networking  solutions  for 
education,  state  and  local  governments, 
and  businesses. 

Visit  www.3com.com/needs3com10 
or  call  1-888-906-3266  ext.  525. 

•  Find  out  more  about  networking  solutions 
from  3Com 

•  Download  a  FREE  Enterprise  LAN  Core 
Switching  Guide 


LAN  Infrastructure 


Network  Jack  Mobility  &  Wireless  Security  Solutions  Networked  Telephony 


Gp^. 

3Com 

Possible  made  practical" 


©  2003,  3Com  Corporation,  all  rights  reserved  3Com.  and  the  3Com  logo  are  registered  trademarks,  and  Possible  made  practical  is  a  trademark  of  3Com  Corporation 


mi 


r/v  f- 

■  . 

if ^  '  X  V;  • 


The  Extended  Enterprise  Issue 


A- 


Sah.As  suck  it.can  conduct  busi- 


purchase  orders  that  we  can  turn  into 
sales  orders,"  Schmitzer  says.  Missing 
is  the  ability  to  let  customers  that 
don't  comply  with  these  standards 
participate  fully  in  the  process.  Those 


V.^csS  transactions  with  customers  that  customers  cannot  use  the  custom  tool 
;V;  cpmpjy  with  the  standards.  "We  can  configuration  feature  or  a  pricing  tool. 
•‘fVr-'.l  sepjg  a  quote,  and  they  can  send  us  he  says. 


Customers  and  suppliers  together 

Collaboration,  supported  via  Plum- 
tree’s  Collaboration  Server,  is  among 
the  most  critical  features  for  both  tech¬ 
nical  and  business  users.  From  myHalli- 
burton.com,  customers  and  Halliburton 
employees  can  share  documents  secur¬ 
ely,  participate  in  threaded  discussions 


APPLICATION  TRAFFIC  MANAGEMENT 
FROM  F  5  NETWORKS. 


a  revolutionary  new  method  for  providing  high  availability, 


security,  scalability  and  optimized  performance  for  enterprise 


applications,  mobile  computing  and  Web  services. 


SMART.  REALLY  SMART. 

It’s  the  only  product  that  can  inspect  IP  traffic  down  to  the  packet 
payload  level.  Relevant  information  can  then  be  extracted  to  make 
intelligent  decisions  for  directing  traffic  according  to  each  application 


MORE  ZOOM. 

New  intelligence  requires  more  horsepower.  BIG-IP  has  what  it  takes  - 
powerful  offloading,  inspection  and  processing  of  Layer  7  application-level 
transactions  that’s  faster  than  any  other  product  on  the  market. 


EXTREMELY  SECURE. 

It  is  the  first  solution  that  can  automatically  respond  to,  act  upon  and  prevent  ever 
changing  application  security  threats  —  providing  a  coordinated  line  of  defense  while 
making  the  most  of  existing  network  security  products. 


and  access  calendars  for  coordinating 
project  logistics.  These  functions,  too, 
are  delivered  via  the  gadget  services. 

Opening  that  collaboration  between 
employees  and  customers  to  suppliers 
is  a  likely  target  for  third-phase  devel¬ 
opment,  Lackey  says.  “There  is  a  lot  of 
future  in  24-hour  expert  access  and 
third-party  collaboration,”  he  says. 

True  supply-chain  interaction  is  the 
goal,  made  possible  by  the  merger  of 
the  supplier  and  employee  portals  into 
myHalliburton.com,  he  adds. 

LeBlanc  agrees  that  increased  collab¬ 
orative  capabilities  are  a  natural  for  the 
portal.  “Employees,  vendors,  custom¬ 
ers  —  it’s  all  related  workflow.  We  pro¬ 
vide  such  unique  engineering,  that  it 
sometimes  is  helpful  for  the  customer, 
supplier  and  us  to  participate  in  discus¬ 
sions,”  she  says. 

Opening  the  architecture 

While  Lackey  is  spending  the  first 
quarter  of  2003  researching  and  plotting 
his  next  moves  for  the  portal,  LeBlanc 
and  Schmitzer  are  continuing  to  work 
on  software  and  hardware  changes 
needed  to  support  the  increasingly  siz¬ 
able  portal  environment.  About  70  Win¬ 
dows  servers  handle  the  portal  work¬ 
load,  with  the  Plumtree  portal  software 
integrating  data  from  Microsoft  data¬ 
bases  and  Web  content  servers,  and 
from  BEA  Systems’  application  servers. 

All  servers  currently  reside  in  Hous¬ 
ton,  where  the  company  is  headquar¬ 
tered.  But  the  developers  are  investi¬ 
gating  the  feasibility  of  adding  servers 
in  Latin  America,  Europe  and  the  Paci¬ 
fic  Rim  to  improve  portal  performance 
for  those  who  have  less-than-optimal 
bandwidth  connections,  LeBlanc  says. 
An  upcoming  version  of  the  Plumtree 
software  will  enable  Halliburton  to 
push  content  to  local  servers  while 
maintaining  the  files  centrally. 

LeBlanc  also  envisions  moving  to  a 
more  open  architecture  than  the  Micro¬ 
soft-centric  one  of  today.  “An  open 
architecture  inherently  provides  a  bet¬ 
ter  way  of  attaching  to  our  disparate 
systems,"  she  says. 

While  Linux-powered  servers  is  a 
probable  direction,  LeBlanc  says  her 
focus  for  this  year  is  on  migrating  ap¬ 
plication  development  from  the  Micro¬ 
soft  world  of  Active  Server  Pages  to 
Java  programming.  "The  portal  envi¬ 
ronment  is  getting  so  large  it’s  becom¬ 
ing  difficult  to  make  dramatic  changes. 
We  have  to  think  of  the  cost  benefits 
[of  open  source],”  she  says. 

According  to  Lackey,  Halliburton  has 
spent  $5.3  million  on  the  portal.  It  in¬ 
vested  $2.9  million  in  the  portal  pro¬ 
ject's  first  year  for  software  and  hard¬ 
ware  expenditures,  and  had  a  $2.4  mil¬ 
lion  project  budget  for  2002,  he  says. 
Spending  for  this  year  will  remain  at 
that  level,  he  adds. 

Every  dollar  spent  toward  entangling 
customers  with  benevolence  is  well- 
spent,  Lackey  says.  “This  is  something 
all  companies  should  do.”  ■ 
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f  You  want  a  defragger 

designed  by  system  experts. 

Here’s  why:  Defragmenters  touch  critical  files 
on  hard  drives  throughout  your  enterprise.  You 
need  one  that  will  deploy  effortlessly  without 
compatibility  surprises.  You  want  proven  technology 
from  Windows  experts. 
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Defrag  Manager™  was  created  by  the  Winternals 
design  team,  makers  of  the  most  powerful  line  of  Windows 
system  utilities  on  the  planet  —  and  it  shows.  Install  Defrag 
Manager  on  just  one  system  and  you  can  optimize  every 
Windows  XP®  2000®  and  NT®  system  in  your  enterprise.  It’s 
ingenious.  It’s  automatic.  It’s  as  trouble-free  as  you  can  get.  And 
it  delivers  an  ROI  in  just  weeks. 

Your  enterprise  needs  a  defragger.  Don’t  settle  for  old  technology. 
Go  with  the  defragger  designed  by  the  people  who  know  Windows. 


Learn  More! 

1-800-408-8415 
www.  winternals  .com 


©  2003  Winternals  Software  LP.  All  rights  reserved.  Winternals  is  a  registered  trademark  of  Winternals  Software  LP.  Defrag  Manager  is  a  trademark  of  Winternals  Software  LP. 
Windows  XP,  Windows  2000,  and  Windows  NT  are  registered  trademarks  of  Microsoft  Corporation  in  the  US  and/or  other  countries. 


These  days,  providing  top-rate  service 
tending  customer-relationship  apps  tc 
users  are  —  be  that  a  hotel  off  Highwa 


ing  office  on  Route  12 


■  BY  ANN  BEDNARZ 

“The  check-in  line  was  too  long.” 

“We  didn’t  get  enough  towels.” 

“This  room  is  too  close  to  the  elevator.” 

Complaints  are  a  fact  of  life  in  the  hospitality  business.  Hotels 
can’t  hope  to  satisfy  all  guests  during  every  moment  of  their 
stay  But  a  hotel  can  control  how  its  employees  handle  guest 
requests,  with  the  help  of  a  CRM  system. 

In  the  past,  individual  Sheraton  hotels  devised  their  own  sys¬ 
tems  for  dealing  with  complaints  — “including  writing  them 
down  on  the  back  of  a  napkin,”  says  Kevin  Vaughan,  a  senior 
vice  president  with  the  IT  division  at  Sheraton’s  parent  company, 
Starwood  Hotels  &  Resorts  Worldwide,  in  White  Plains,  N.Y 

Last  year,  Starwood  decided  to  formalize  the  process.  Using 
application  server  software  from  IBM  and  interactive  client 
software  from  Nexaweb  Technologies,  the  IT  group  built  a  Web- 
based  application  that  logs  and  tracks  guest  problems  through¬ 
out  200  Sheraton  hotels  in  North  America. 

The  application  gives  Starwood  new  visibility  into  problems 
that  guests  experience.  While  Starwood  had  other  corporate 
systems  in  place  to  collect  and  analyze  transaction  data  and 
customer  demographics,  it  was  missing  this  piece  of  the  CRM 
puzzle.  Extending  CRM  to  the  farthest  corners  of  the  Sheraton 
properties  lets  Starwood  witness  even  the  most  mundane  cus¬ 
tomer  requests  and  use  the  data  to  construct  a  chainwide  view 
of  customer  satisfaction. 

Similarly,  financial  services  firm  Household  International 
decided  to  provide  CRM  applications  at  its  outposts  —  1,500 
branch  offices  in  42  states  where  employees  sell  consumer 
mortgages,  loans  and  credit  products.To  handle  CRM  at  the 
branches,  the  company  installed  network  gear  from  Vertical 
Networks  that  turned  each  branch  into  a  call  center,  with 


advanced  call  routing,  monitoring  and  reporting  features. 

In  both  cases,  IT  executives  undertook  the  CRM  projects  to 
meet  corporate  performance-improvement  objectives  and  to 
make  life  easier  for  employees  working  directly  with  cus¬ 
tomers.  Success  of  CRM  projects  rests  on  the  latter,  experts  say. 

CRM  is  known  for  being  complex,  expensive  and  often  disap¬ 
pointing  —  a  reputation  earned  in  its  early  days  when  compa¬ 
nies  tried  to  overhaul  massive  customer  systems  in  one  fell 
swoop. Today,  experts  advocate  short,  focused  CRM  projects 
with  clear  objectives.  AMR  Research  says  companies  that  don’t 
use  CRM  to  boost  productivity  on  day-to-day  tasks  “are  con¬ 
structing  an  expensive  house  of  cards  that  will  likely  topple.” 

Customer-focused  initiatives  are  particularly  important  in  a 
poor  economy“CRM  is  more  crucial  in  times  of  weak  spend¬ 
ing,  as  companies  need  to  find  ways  to  attract  and  retain  cus¬ 
tomers,”  says  Kelly  Spang  Ferguson,  analyst  at  Current  Analysis. 

The  Sheraton  way 

Starwood’s  customer-response  system,  called  StarGuest,  com¬ 
plements  Sheraton’s  broader  Service  Promise  program,  which 
ensures  guests  a  great  stay  or  the  hotel  will  make  it  up  with  a 
gift  certificate,  loyalty  points  or  refund. 

Consistency  is  a  key  aspect  of  Sheraton’s  Service  Promise 
program.  If  someone  at  a  Sheraton  hotel  in  Seattle  receives  a 
gift  certificate  after  a  poor  experience  with  room  service, 
Starwood  wants  the  same  reward  system  to  be  applied  to  simi¬ 
lar  situations  in  Boise,  Boston,  Baton  Rouge  and  at  every 
Sheraton  in  between. 

The  Web-based  StarGuest  application  is  one  means  of  enforc¬ 
ing  consistency.  If  a  guest  registers  a  problem  or  complaint,  a 
hotel  staffer  enters  the  information  into  StarGuest  using  a  PC 
or  mobile  device. The  system  identifies  fair  compensation, 
based  on  preset  conditions;  alerts  hotel  employees  with  appro- 
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priate  skills,  via  e-mail,  to  the  tasks  that  need  to  be  completed;  and 
tracks  the  problems  resolution. Once  a  problem  is  resolved, a  hotel 
employee  closes  the  trouble  ticket  in  the  application. 

For  the  hotels,  the  StarGuest  application  provides  a  way  to  expedite 
problem  resolution  and  provides  a  tool  for  spotting  problem  areas.  For 
example, an  unusual  number  of  housekeeping  complaints  concentrated 
on  the  1 1th  and  12th  floors  might  indicate  that  a  new  staff  member 
needs  more  training, Vaughan  says. 

“Instead  of  finding  out  a  month  later  when  the  property  gets  its  cus¬ 
tomer-satisfaction  scores,  the  manager  has  real-time  data  to  look  at  and 
see  what’s  going  on,”  he  says.  A  problem  can  be  corrected  before  a 
guest  leaves  unhappy  and  more  guests  are  affected. 

Using  StarGuest  s  centralized  reporting  features, Starwood  can  spot 
trends  and  identify  problems  at  a  chainwide  level. “If  there  are  15  or  20 
hotels  with  recurring  plumbing  problems,  that  s  something  that  might 
need  to  be  addressed  in  the  capital  budget,”  Vaughan  says. 

Technologically,  the  application’s  bandwidth-agnosticism  is  its  beauty 
Hotels  that  don’t  have  broadband  Internet  access  can  use  the  applica¬ 
tion,  as  can  employees  equipped  with  wireless  handheld  devices. 
Unlike  the  case  with  many  CRM  applications,  functionality  isn’t  com¬ 
promised. This  is  because  of  the  Nexaweb  Smart  Client  Platform,  which 
sits  on  top  of  IBM’s  WebSphere  application  server, Vaughan  says. 


ami 


Bandwidth,  thin  or  fat 

Nexaweb’s  development  tools  are  designed  for  building  distributed 
applications  with  interactive  clients,  such  as  Starwood’s  StarGuest  appli¬ 
cation.  Unlike  typical  browser-based  applications  that  require  multiple 
round-trips  between  Web  server  and  client  devices  to  render  screens, 
Nexaweb’s  “user  interface  server”  uses  a  device’s  local  processing  power 
to  execute  code  within  a  single  screen  and  without  multiple  client 
downloads.  By  replacing  the  user  interface  portions  of  Java  Server 
Rages  code  with  XML-based  User  Interface  Language,  Nexaweb  can 
achieve  a  desktop-like  performance  over  even  thin  network  connec¬ 
tions  and  speeds,  the  company  says. 

The  system  works  with  Starwood’s  existing  infrastructure  and  lets  the 
company  lower  its  operational  costs  associated  with  developing  and 
managing  Web-based  applications, Vaughan  says.  Before  availability  of 
the  StarGuest  application,  a  handful  of  hotels  had  bought  software  on 
their  own  for  tracking  guest  requests  —  duplicating  efforts  throughout 
the  process  of  acquiring  and  deploying  packaged  software, Vaughan 
says.“lt  was  clear  that  a  system  that  was  at  an  individual  property  level 
was  not  the  right  answer,”  he  says. 

For  now,  StarGuest  is  a  stand-alone  application.  But  down  the  road, 
Starwood  plans  to  integrate  StarGuest  with  its  other  CRM  systems.This 
way  if  an  employee  were  to  type  in  “Room  411”  the  application  would  be 
able  to  tap  into  transaction  systems  and  immediately  identify  who  the 
guest  was,  if  the  guest  was  a  frequent  visitor  and  the  guest’s  personal 
preferences,  he  says.  And  if  a  guest  had  a  problem  during  a  stay,  the  soft¬ 
ware  automatically  could  prompt  marketing  employees  to  follow  up 
with  a  personal  note,  apologizing  for  the  problem  and  offering  an 
incentive  to  return,  such  as  a  free  upgrade  to  a  suite. 

A  broader  deployment  also  is  on  tap.  Starwood  has  deployed  test  ver¬ 
sions  of  StarGuest  to  some  of  its  W  and  Westin  properties, Vaughan  says. 
This  year,  progress  will  continue  at  these  chains. 


The  Household  approach 

Like  Starwood,  Household  International  wanted  a  clearer  view  of  how 
employees  in  remote  offices  were  handling  customers.The  Prospect 
Heights,  111.,  company  wanted  to  be  able  to  monitor  consumer  lending 
sales  staff  and  see  how  employees  were  chasing  sales  leads. 

As  it  was,  Household  had  no  insight  into  the  specific  activities  of 
salespeople  at  the  branches.  Household’s  corporate  marketing  efforts 
were  generating  5  million  leads  per  month,  but  only  40%  of  those  leads 
were  being  worked  actively,  says  John  Armstrong,  managing  director  of 
networked  systems  at  Household. 

While  Household’s  large  corporate  call  centers  had  tools  to  manage 


agent  productivity,  the  branches  didn’t,  he  says.The  business  challenge 
was  “to  make  10,000  remote  agents  appear  as  if  they  were  all  in  one 
call  center  and  do  all  the  things  that  we  normally  would  do  in  a  call 
center^  Armstrong  says. 

However,  to  do  so  required  more  than  the  average  CRM  application. 
Each  branch  needed  advanced  call-center  features,  such  as  call  rout¬ 
ing,  call  monitoring  and  automatic  sales  prompts  that  pop  up  on 
agents’  screens. 

Consolidating  sales  functions  into  regional  call  centers 
was  an  option,  but  Household  found  that  customers  pre¬ 
ferred  to  deal  with  local  branches.The  company  also 
explored  a  few  options  for  bringing  call-center  features  to 
its  branches, such  as  predictive  dialer  systems,  traditional 
PC-based  solutions,  and  pure  IP  PBXs.  It  selected  Vertical 
Networks’  InstantOffice  platform  and  started  deploying  the 
gear  in  November  2001  —  at  a  pace  of  200  branch  offices 
per  month. 

The  InstantOffice  gear  let  Household  revamp  and  con¬ 
solidate  its  voice  and  data  communications  on  a  single 
IP  PBX.  In  the  process,  Household  upgraded  its  branches 
from  56K  bit/sec  WAN  connections  toT-1  lines  that  car¬ 
ried  voice  and  data  traffic.The  system  delivers  the  call- 
management  capabilities  that  Household  needed,  Arm¬ 
strong  says.“We  know  when  the  salespeople  are  calling, 
how  much  time  they’re  spending  on  the  phone  and  which 
accounts  they’re  really  working,”  he  says.“In  addition,  we’re 
getting  more  information  about  our  customers." 

Today  branches  can  handle  inbound  and  outbound  call¬ 
ing  activities  locally  and  corporate  can  capture  the  data  it 
needs.“Not  only  can  the  branches  be  their  own  call  cen¬ 
ters,  but  collectively  they  can  look  like  one  big,  virtual  call 
center,"  Armstrong  says. 

With  better  sales  lead  management  tools  —  and  greater  accountability 
to  corporate  higher-ups  —  the  sales  teams  reached  Household’s  goal  of 
increasing  sales  by  15%  to  20%  last  year,  Armstrong  says. 

Eventually,  the  system,  which  is  tied  to  Household’s  new,  internally 
developed  computer-telephony  application,  will  incorporate  caller-iden¬ 
tification  information  so  that  a  loan  agent  automatically  will  have 
access  to  customer  records  when  calls  arrive,  he  says. 

Also  on  deck  are  automatic  call-scheduling  features  for  providing 
loan  updates  to  customers  and  the  ability  to  place  phone  calls  from  an 
agent’s  PC  via  the  CRM  system  interface. 

The  system  costs  $12  million  —  but  it’s  been  paying  for  itself  since  the 
start,  Armstrong  says.The  net  is  actually  positive.  We  took  out  more 
costs  than  we  added  to  this  equation,”  he  says. 

At  the  same  time,  Household  managed  to  increase  the  data  band¬ 
width  at  each  branch.  Now  Household  plans  to  deploy  more  band¬ 
width-intensive  applications  to  its  branches,  including  image-heavy 
appraisal  software,  document  management  and  enhanced  e-mail  soft¬ 
ware,  Armstrong  says. 


Simplicity,  consistency 

Armstrong’s  advice  to  other  companies  considering  branch-office 
CRM  projects  is  to  keep  things  simple.  Adhering  to  a  standard  configu¬ 
ration  for  all  1,500  branches  let  Household  deploy  the  Vertical  gear 
quickly  and  support  it  remotely. 

He  also  advocates  minimizing  the  amount  of  change  to  remote  sales 
agents’  habits.  From  the  agents’  perspective,  Household’s  new  sales  lead 
management  system  looks  a  lot  like  the  old  one,  he  says. 

The  plan  is  to  add  features  gradually  as  users  become  accustomed  to 
the  new  system. 

Similarly,  Starwood’s  CRM  project  is  all  about  consistency.  By  reduc¬ 
ing  the  number  of  applications  individual  properties  choose  inde¬ 
pendently,  Starwood  is  conserving  development,  deployment  and 
maintenance  efforts. 

These  kinds  of  decisions  make  for  a  successful  CRM  project.  ■ 
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Education: 

In  classes  or  on  a  school 
intranet,  VBSTAR  receives 
and  stores  DVD  quality 
video,  eliminating  the 
need  for  videotapes,  CDs, 
and  disks.  Lectures  and 
other  scholastic  events 
are  available  for  on- 
demand  viewing  on  TVs 
and  networked  PCs. 


www.VBrick.comA/bstar.asp 
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Corporate: 

Provide  corporate  mes¬ 
sages,  training,  and  tech¬ 
nical  information  to 
remote  offices  to  be 
viewed  on  TV  monitors 
and  desktops.  DVD 

quality  video  improves 
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corporate  communica¬ 
tions  over  any  network. 
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Advertising: 

Locate  remote  VBSTARs  at 
retail  outlets,  trade  shows, 
or  other  public  locations. 
Record  your  content  with 
VBSTAR  and  transfer  the 
video  to  remote  VBSTARs. 
Deliver  timely  advertising 
messages,  maximizing  sales 
and  focusing  customer 
mind  share. 
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VBSTAR  is  a  revolutionary  new  video  product  from  VBrick  Systems!  VBSTAR  streams  live  MPEG-2 
video  over  your  network,  records  the  video  to  an  internal  hard  drive,  then  sends  it  over  the  Internet 
ready  for  playback  anywhere,  anytime. 


REST 


Before  choosing  SOAP 
for  your  extended 
enterprise’s  Web 
services,  consider 
Representational  State 
Transfer. 


■  BY  ROBERT  MCMILLAN 

Is  Web  services  development  too  complicated?  A  small 
but  influential  group  of  Web  developers  thinks  so. These 
developers  advocate  a  new  approach  —  one  they  say  is 
simpler  than  the  World  Wide  Web  Consortium’s  Simple 
Object  Access  Protocol-based  model  favored  by  applica¬ 
tion  development  tool  makers  such  as  BEA  Systems,  IBM 
and  Microsoft. This  new  architectural  approach,  called 
Representational  State  Transfer,  also  results  in  more  scal¬ 
able  code,  they  say 

Among  the  more  noteworthy  REST  backers  are  Roy 
Fielding,  chair  of  the  Apache  Foundation;  and  Sam  Ruby  a 
senior  developer  and  Web  services  guru  at  IBM  (although 
IBM  itself  does  not  support  REST).  And  developers  at  Web 
powerhouses  Amazon  and  Google  have  experimented 
with  REST  to  create  interfaces  to  their  popular  Web  ser¬ 
vices.  Recently  Thomson  Publishing  Asia  Pacific  used 
REST  to  create  a  Web-based  typesetting  service  for  its 
legal  publishing  group  in  Sydney  Australia. 

REST  at  work 

REST  relies  on  a  single  application  protocol  (HTTP), 
universal  resource  indicators  (URI)  and  standardized 
data  formats,  through  XML.  it  employs  established  HTTP 
methods  such  as  GET  and  POST  to  direct  applica¬ 
tions.  So  instead  of  creating  a  standard,  machine- 
readable  way  for  applications  to  discover  and  use 


application  components  on  remote  systems  —  the  way 
SOAP  is  being  used  for  Web  services  —  REST  develop¬ 
ers  use  URIs  to  create  a  common  ground  so  applica¬ 
tions  can  use  HTTP  and  XML  to  share  data.  REST  devel¬ 
opers  use  XML  documents  rather  than  application- 
method  calls  to  tell  distributed  programs  how  to  use 
each  other’s  data. 

REST  proponents  say  that  using  the  SOAP  protocol  to 
access  the  functions  of  remote  programs  directly  is 
doomed  to  suffer  from  the  same  type  of  interoperability 
problems  that  hobbled  previous  distributed  computing 
architectures  such  as  DCOM  and  Common  Object  Re¬ 
quest  Broker  Architecture. 

Security  problems  also  will  plaque  SOAP  says  Mark 
Baker,  an  independent  Web  architecture  consultant  and 
one  of  the  maintainers  of  a  REST  resource  site  for  devel¬ 
opers.  Because  firewalls  do  not  understand  the  meaning 
of  SOAP-based  Web  services  messages,  they  will  never 
let  those  messages  pass,  he  says. 

REST  messages  don’t  have  this  problem,  Baker  says, 
because  they  only  use  operations  specified  in  the  HTTP 
standard  —  operations  that  are  well-understood  by  fire¬ 
wall  applications  and  administrators.  (Vendors,  of  course, 
are  addressing  the  SOAP  issue  by  developing  Web  ser¬ 
vices  security  standards  and  products,  just  as  they  devel¬ 
oped  firewalls  and  security  standards  for  HTTP) 

REST  the  best 

Before  deciding  to  use  REST  for  its  Web-based  typeset¬ 
ting  service, Thomson  Publishing  considered  SOAP 
Developers  chose  REST  to  write  a  wrapper  around  the 
«  company’s  typesetting  software  because  it  offered  supe¬ 
rior  performance,  reliability  and  scalability  to  SOAP  says 
Hao  He,  a  Web  architect  with  the  company 
Using  the  wrapper  —  called  the  Generic  Typesetting 
System  (GTS)  — Thomson  can  now  more  easily  typeset 
documents  from  different  data  sources,  be  they  legisla¬ 
tive  bodies,  courts  or  government  agencies.“Before  using 
this  technology,  we'd  have  to  write  a  specific  solution  for 
each  new  data  source’’  He  says.“Now  we  are  able  to 
rapidly  create  RESTful  Web  services  that  reflect  typeset¬ 
ting  workflow  specific  to  Thomson.” 

REST’s  document-centric  approach  made  it  particu¬ 


larly  appropriate  for  Thomson.  With  every  new  typesetting 
job,  the  user  creates  XML  documents,  and  the  GTS  han¬ 
dles  the  rest:  feeding  the  XML  documents  into  Thomson’s 
proprietary  typesetting  system  as  it  becomes  available. 
“Although  the  system  can  only  handle  one  process  at  a 
time,  the  user  can  send  any  number  of  requests,”  He  says. 
“The  GTS  handles  resource  management  tasks,  such  as 
job  priority  and  load  balancing,  separately  and  makes  the 
overall  system  efficient.” 

A  real  sleeper 

As  positive  as  early  REST  user  experiences  have  been, 
a  lack  of  tools  is  a  big  obstacle  to  widespread  adoption, 
critics  say  As  yet,  no  big  application  development  ven¬ 
dors  have  committed  to  REST,  although  they  do  seem 
to  be  taking  it  seriously  REST  has  “some  very  important 
characteristics  that  we  are  examining,"  says  David 
Orchard,  technical  director  at  BEA. 

Still,  commitment  from  the  tool  makers  might  be  nec¬ 
essary  before  REST  makes  any  inroads.  Products  such 
as  Microsoft’s  Visual  Studio  .Net  or  IBM’s  WebSphere, 
automatically  produce  SOAP-based  Web  services. 

“From  a  product  perspective,  REST  is  almost  invisible,” 
says  Ronald  Schmeltzer,  a  senior  analyst  with  Zap  Think. 
“If  the  REST  people  want  to  have  their  day,  they’re  going 
to  have  to  get  it  into  the  tools  that  create  or  consume 
Web  services.” 

Baker  disagrees.  He  says  virtually  any  HTTP-compliant 
tool  could  be  used  to  develop  REST  Web  services. “There 
are  a  whole  lot  of  REST  tool  kits  available,  it’s  just  that 
people  don’t  know  what  they  are,”  he  says. 

The  same  tools  that  create  Java  servlets  could  be  used 
to  build  REST-based  Web  services.  Baker  says.They  fol¬ 
low  the  HTTP  specification,  and  by  following  it,  they 
implicitly  are  following  the  constraints  of  the  REST  style,” 
he  says. 

BEAs  Orchard  suggests  that  REST  might  one  day  co-exist 
with  SOAP  as  developers  seek  out  multiple  techniques  for 
Web  services  styles.“Sometimes  there  is  more  than  one 
way  to  skin  a  cat,"  he  says. 

McMillan  is  a  freelance  writer  in  San  Francisco.  He  can 
be  reached  at  bob@filbert.net. 


REST  vs.  SOAP 

Differences  between 
the  Representational 
State  Transfer  and 
Simple  Object  Access 
Protocol-based 
approaches  to  Web 
services  development. 


Standards 

REST  promises  to  make 
Web  services  available 
using  existing  Internet 
standards. 

The  SOAP-based 
approach  involves  a 
range  of  emerging 
standards,  not  all  of 
which  will  be  adopted. 


Tools 

Many  development  tools 
support  REST  standards 
such  as  HTTP  and  XML, 
but  commercial  REST 
tools  don’t  exist. 

Application  tool  vendors 
are  building  SOAP-based 
pro-ducts  aimed  at 
making  the  development 
and  deployment  of  Web 
services  as  easy  as  any 
other  kind  of  application 
development. 


Developer  support 

REST  developers  are  in  the 
minority,  and  most  vendors  say 
enterprise  users  aren't  demand¬ 
ing  REST  services  yet.  But  REST 
is  generating  a  buzz,  and  is  poised 
to  capitalize  on  any  market  senti¬ 
ment  that  SOAP-based  Web 
services  are  overhyped. 

Major  application  development 
tool  vendors  BEA  Systems,  IBM 
and  Microsoft  offer  SOAP- 
based  kits  for  Web  services 
development. 


Security 

REST  advocates  say  their 
way  of  doing  Web  services 
is  more  secure  because  of 
its  reliance  on  the  Internet’s 
existing  security  infra¬ 
structure. 

The  SOAP  security  story 
still  is  developing,  but  it 
promises  to  give  adminis-  A  .  , 
trators  greater  control  over  .  ^  ?  • 
who  accesses  Web  services-,' 
and  what  rights  those  users,  r-. 
have. 


it  a  Sways  happens  with  the  last  piece... 


You  know  what  you  need,  but  you  just 
can't  find  it. 

Your  data  center  is  growing,  faster  than  your  resources. 
You  need  hands-on  control  of  your  local  server  racks  as 
well  as  the  servers  at  different  locations.  How  do  you 
complete  the  picture? 

With  one  of  Avocent's  enterprise-class  KVM  switches. 
Our  solutions  are  specifically  tailored  to  your  unique 
server  management  requirements. 


Direct  access  to  multiple  servers  from  your  data  center. 
Standard  IP  access  to  servers  in  any  location  world¬ 
wide.  Custom  configuration  for  the  level  of  access  and 
control  you  need.  Streamlined  cable  management. 
Feature-rich  software  designed  for  easy  installation 
and  system  administration. 

Now  you've  got  the  whole  picture.  Avocent's  advanced 
analog  and  digital  KVM  solutions  -  a  perfect  fit  for  your 
server  room. 


Download  our  free  whitepaper  KVM  for  the  Enterprise  at 
www.avocent.com  or  call  us  at  1-866-AVOCENT  (286-2368),  ext.  3006. 
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When  things  go  wrong 
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The  AlterPath"  ACS  family  of  Advanced  Console  Servers  provides 
IT  professionals  a  universal  gateway  for  server  and  network 
management.  Now  you  can  manage  your  data  center  with  the 
tools  you  need  for  those  unplanned  downtimes  -  anywhere,  anytime. 

Featuring  two  PCMCIA  slots  for  enhanced  functionality,  the 
AlterPath“ACS  supports  many  PC  cards,  including  Ethernet, 
modem  (V.90,  ISDN  and  GSM)  and  wireless  LAN.  The  dual  power 
supply  provides  extra  reliability  to  the  console  server,  ensuring 
availability  during  critical  times. 

The  AlterPath'"  ACS  provides  IT  managers  and  system  administrators 
an  alternative  access  path  to  the  data  center,  allowing  higher 
network  uptime. 


and  network 
with  Cyclades 


PP 

Server  and  Network  Management 
Industrial  /  Commercial  Automation 
Ethernet-attached  Serial  Board  Replacement 


Benefits: 

Security  (  ,  IP  Filtering,  RADIUS  ) 

Redundancy  (dual  power  supply) 

Flexibility  to  support  existing  and 
future  interface  types  (PCMCIA  support) 
Flexibility  and  rock-solid  stability  (Linux  Inside) 
Rack  space  savings  (1 U  form  factor) 

Network  monitoring  (Off-line  data  buffering) 


-^JJfc-Get  your  FREE  "Guide  to  Console  Management"  booklet  at  www.cyclades.com/cas.pdf 


Linux  since  1995" 


www.cyclades.com/nw 

sales@cyclades.com 

1 .888. CYCLADES 


cyclades 


Everywhere  with  Linux 
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emote  Console  Management  Solutions 


Serial  Console  Ports...  from  Anywhere! 


OUT-OF-BAND  +  TELNET 


■  Multi-Session  Telnet 

■  8, 16  or  32  Port  Models 

■  Non-Connect  Port  Buffering 

■  AC  and  -48VDC  Power  Options 


OUT-OF-BAND  +  MODEM 


■  Internal  33.6  Kbps  Modem 

■  Seven  DB-9  Serial  Ports 

■  Any-to-Any  Port  Switching 

■  Co-Location  Password  Features 


OUT-OF-BAND 


■  4,  8  or  16  Port  Models 

■  Port  Specific  Passwords 

■  Safe  “Break”  Features 

■  Datarate/Flow  Control  Conversion 


r  .  .  i. ...  -i. .  i  .  -I- . 

WTI's  family  of  remote  site  management  products  allows  network  administrators  to  manage  network  elements  located  anywhere.  WTI  designs  and  manufactures  in- 
^  band  and  out-of-band  console  and  terminal  switches,  remote  reboot  and  power  management  solutions,  rack  mounted  modems  and  automated  A/B  Fallback  Switches. 


■  Features  included  in  all  Console  Switches 

WWW.Wti.COm  («00l  854-7226 


western  telematic  incorporated 

5  Sterling  •  Irvine  •  California  9  2  6  1  8  -  2  5  1  7 


Keeping  the  Net.. .Working! 


NfcTSUPPQRT  MANACj&R 

New  Version  8.0! 


Remote  Control 
Enhanced  Inventory 
Internet  Gateway 
System  Status  Reporting 
Mac  &  Linux  Support 
Desktop  Integration 
Show  to  Many 
View  Multiple  Screens 
File  Distribution 
Chat,  Help  and  Message 
Profiled  Security 
Remote  Deployment 
Automated  Scripting 


NetSupport  Manager  new  version  8.0  remote  control  software  securely  connects  you  with 
your  coworkers  to  support  their  systems  anywhere  over  a  LAN,  WAN  and  the  Internet. 


NetSupport  Manager  provides  fast,  secure  remote  PC  access,  enhanced  hardware  and 
software  inventory,  a  new  Internet  gateway,  system  status  reporting,  desktop  integration, 
Mac  &  Linux  support,  automated  scripting,  file  transfer,  remote  deployment  and  much  more. 


Prop  up  a  pillow  and  join  the  remote  revolution  today! 


]  Download  <§>  w ww.i'etvupport-inc.com 
|  or  call  toll-free  at  1 .883.663.0808. 


N^l-Ejupp^rt 


Firewall 


Experience  Counts.  Since  1 994  GTA  has  been 
building  solid,  dependable  firewail  systems.  For 
the  past  8  years  our  line  of  firewall  products 
have  met  the  demands  of  small  to  medium  sized 
businesses  worldwide.  All  GTA  firewall  products 
carry  the  ICSA  4.0  Corporate  Firewall  Certification 
To  learn  more  about  our  family  of  firewalls  visit 
our  website  or  contact  a  GTA  channel  partner. 


Technology 


Associates,  Inc 

775-4GTA  •  www.gta.com  •  info 
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The  Hub  of  the  Network  Buy 


There  Is  A  Better  Way  To  Troubleshoot  &  Manage  Your  Network 


Observer® — Quickly  identifies  network 
trouble  spots  and  costs  thousands  less  than 
expensive  hardware-based  analyzers. 
Observer  provides  metrics,  capture,  and 
trending  for  both  shared  and  switched 
environments. 

•  Full  packet  capture  and  decode  for  over 
500  protocols,  including  TCP/IP  (v4  &  v6), 
NetBIOS/NetBEUI,  XolP,  SNA,  SQL,  IPX/SPX, 
Appletalk  and  many,  many  more! 

•  Switched  mode  sees  all  ports  on  a  switch 
gathering  statistics  from  an  entire  switch  or 
capture/statistics  from  any  port(s) 

•  Long-term  network  trending  collects 
statistical  data  for  days,  weeks,  months, 
even  years 

•  Real-time  statistics  include  Top  Talkers, 
Bandwidth,  Protocol  Statistics,  and 
Efficiency  History 

•  Ethernet  (10/100/Gigabit),  Token  Ring, 
FDDI,  and  Wireless  802. 1 1 — no  need  to 
purchase  separate  tools 


•  Windows ®  98/Me/NT/2000/XP  compatible 

•  Over  4,000  frame  types  recognized 

Expert  Observer — Identifies  problems  and 
provides  Expert  information  in  plain  English. 
Includes  all  of  the  features  of  Observer  plus 
real-time  and  post-capture  expert  event 
identification  and  analysis — new  SQL  and 
Frame  Relay  experts  add  to  the  many  other 
protocols  covered,  time  synchronization 
technology,  and  modeling  of  network  traffic. 

Observer  Suite — The  ultimate  tool  for 
the  most  demanding  power  user. 

Provides  a  full  complement  of  tools  that 
includes  all  of  the  features  of  Expert 
Observer  plus  SNMP  management,  RMON 
console/Probe  and  Web  reporting.  Includes 
one  remote  Probe. 

If  you  have  any  network  problems,  find 
out  the  cause  with  Observer,  Expert 
Observer,  or  Observer  Suite. 


Observer 

$995 


Expert 
Observer 
* 2895 


Observer 
Suite 
$ 3995 


Call  800-526-7919  or  visit  us  online  for  a  full-featured  evaluation: 

www.NETWORKINSTRUMENTS.com 

US  (952)  932-9899  •  Fax  (952)  932-9545  •  UK  &  Europe  +44  (0)  1959  569880  •  Fax  +44  (0)  1959  569881 

©2002  Network  Instruments,  LLC.  Observer,  “Network  Instruments”  and  the  “N  with  a  dot”  logo  are  registered  trademarks  of  Network  Instruments,  LLC. 
All  other  trademarks  are  property  of  their  respective  owners. 
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Your  network  costs  a  fortune... 

•••protecting  it  doesn't  have  to 


NEW 

LOWER 

PRICES! 


72"  Workstation 

$799 

Stk.  #  C95033 


,« 

Keyboard  drawer: 
orh?  casters  soid 
sepu'Otely. 


Global  LAN  Furniture 

{>rotects  your  equipment 
or  a  lot  less  money. 

Our  heavy-duty  LAN  Furniture  is  built  to  last  with 
steel-reinforced,  triple-leg  support  and  lateral 
braces.  Built-in  cable  management  system  hides 
unsightly  wires  and  organizes  and  separates 
cables.  Deep  30"  work  surface,  adjustable  shelves 
and  sturdy  server  shelf  allow  for  easy  integration  of 
all  your  network  equipment,  providing  a  complete 
storage  solution.  Our  96",  72",  48"  and  24"  wide 
units  combine  with  additional  shelves,  keyboard 
drawers  and  casters  for  unmatched  flexibility  to 
meet  your  changing  needs. 


SAVE  A  TON  OF  MONEY 
ON  YOUR  NEXT 
MEDIA  PURCHASE! 
Check  out  our  prices  today! 


24"  Server  Station 

$299 

Stk.  #  C23955 


as  low  as 


COMPUTER  a  Systemax  company 


CALL  1  -800-8-GLOBAL 

or  visit  us  online  for  the  LAN  solution  that  is  right  for  you. 
www.globalcomputer.com/go/mag/lan 


H  &  u  e  m  a  n 


COMPLETE  KVM  CONTROL  VIA  TCP/IP 


CONTROL  KEYBOARD,  VIDEO  AND  MOUSE  REGARDLESS  OF  LOCATION 

With  the  Kaveman  networking  device,  you  can  remotely  control  servers,  either  over 
the  Internet  or  a  local  network,  down  to  the  BIOS  level. 

ACCESS  SERVERS  USING  A  WEB  BROWSER  OR  VNC 

All  you  need  to  operate  Kaveman  is  a  web  browser  or  VNC  on  the  remote  client.  No 
additional  software  is  required.  And  no  software/users  licenses  help  keep  your  costs 
down. 

REMOTELY  CONTROL  POWER 

Through  the  user-friendly  Kaveman  GUI,  you  can  control  the  power  of  up  to  eight 
devices. 


AUTOMATICALLY  MONITOR  SERVER  ACTIVITY 

Kaveman  automatically  monitors  critical  server  vitals  such  as  power,  video,  and 
keyboard  response;  it  alerts  you  to  crashes  and  enables  you  to  quickly  respond  to 
problems. 


Dl 


The  Engine  of  Innovation 


Available  in  single  and  eight  channel  versions  www.digitalv6.com  Resellers  and  Distributors  welcome 
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CYBERG==ARD  FIREWALL/VPN  APPLIANCES 

L  r\r  \mnita  noncsrc  An  DaaI/  va  iH  Cqai  i  r  it  w  tn’ 
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DEFEND  YOUR  DOMAIN 


For  white  papers  on  Rock  Solid  Security  go  to: 
www  cybeiguard.com/ROCKSOLID/nw.cfm 
Phone:  954  958.3878  •  e-mail:  info@cyberguard.com 


THOMAS  MATZEN 

Director  of  Security.  Commerzbank  AG 

With  consolidated  total  assets  of  more  than  $ 420  billion. 
Commerzbank,  based  in  Frankfurt.  Germany,  and  founded 
in  1870.  is  one  of  Germany's  -  and  Europe's  -  leading 
private-sector  banks 

“Information  technology  is  a  key  factor  in  the  financial  business 
and  our  data  is  one  of  the  most  valuable  assets  we  have.  We  need 
‘rock  solid’  security  to  satisfy  our  demand  for  the  highest 
protection  of  this  data  and  fulfill  the  confidence  of  our  customers. 

It  is  important  to  have  a  well-structured  and  maintained  security 
infrastructure  in  place,  but  it  is  also  important  to  have  a  firewall 
supplier  we  can  trust. 

“We  first  chose  to  use  CyberGuard  in  1997,  not  only  because  they 
are  the  first  vendor  in  the  world  to  achieve  EAL4  certification  for 
their  firewall  appliances,  but  also  because  we  wanted  a  highly 
secure  product  which  offers  us  a  multilevel  secure  operating 
system,  proxy  abilities  and,  of  cause,  high  availability.  We  were 
also  impressed  with  CyberGuard’s  support  offerings  and  have 
not  been  disappointed;  we  have  had  good  experience  with  onsite 
support  for  our  products  with  all  deliverables  handled  in  time. 

»  ’  ••  •  --  .  Jr,  .'. 

.... 

“Today,  we  are  using  CyberGuard’s  products  to  protect  all  external 
connections,  including  the  Internet  as  well  as  connections  with 
vendors  such  as  Reuters  and  other  third  party  networks.  This 
infrastructure  is  being  used  by  some  35,000  users  worldwide, 
serving  800  German  locations  and  over  20  international  locations  - 
across  four  continents  including  London,  Prague,  Moscow,  Mil^n, 
Paris,  Madrid,  New  York,  Singapore,  Tokyo  and  more.”  ; 

■'  •  f  /Vr  r.r  t\f., /;>  v •• 

CyberGuard's  security  solutions  are  found  in  Fortune  1000  companies 
and  governments  worldwide.  CyberGuard's  award-winning,  premium)- r ) 
firewallA/PN  appliances  maintain  complete  separation  of  network  traffic  : 

from  system  components. 

.  ■  *  ■  A •  **  *  vjt  p  uj 
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LANWatch 
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LANWatch  is  a 
robust,  Windows  based 
packet  analyzer.  Single  aw-T 
user  only  $695.  SS 
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Powerful 

Network 

Forensics 

Analysis 
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View  Email,  Web  Pages,  and  File  Contents 
Reassemble  up  to  999,999  Connections 
Patent  Pending  SSH2  &  SSL  Decryption 
Record  Traffic  for  Future  Investigation 
Guaranteed  Invisible  on  Your  Network 
Find  and  Report  Cleartext  Passwords 
Full-Content  Inspection  &  Analysis 
Catch  Header  and  Port  Spoofing 
Drill  Down  through  Connections 
Secure  Remote  Administration 


n® 


The  wardialer  of  choice 
for  Security  Professionals 

PhoneSweep  Gold  has  a 
distributed  architecture, 
merged  reporting  and 
email  notification. 


Are  you  being  wardiaied? 
Find  out  with  Sandtrap, 
our  Wardialer  Detector. 


SandstOi 


ris  i 


Free  Whitepaper  &  Product  Demos 
www.sandstorm.net  617-426-5056 

Copyright  ©  2003  Sandstorm  Enterprises,  Inc.  All  Rights  Reserved. 
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AppDancer  /  FA 

-*■  Network  Flow  Analyzer 

•  An  Easy-To-Use  Network  Viewing  Tool 

•  Email  •  Database  *¥01?  »Web 

•  Identifies  Problems  Causing  Slow  Downs 

•  Monitors  Applications,  Network  Devices, 
and  Network  Traffic 

•  Affordable  ^^JULLk  IJ1  A 


Free  Download! 

wwwAppDancer.com 


BEST  OF  INTEROP 

NETW>  RLDINTEROP 

cmp  ifowiiim  ee Times 


Call  Toll  Free 
800.825.7563 
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AppDancer  Networks,  Inc. 

1000  Holcomb  Woods  Parkway 
Suite  426 

Roswell,  GA  30076-2585  USA 

email  info@AppDancer.com 

telephone  770.643.6800  USA 
web  www.AppDancer.com 


RMOIMS  PROBE 


Complete ,  Industry  Standard,  Software-Based  RM0N2  and 
RM0N1  Probe  for  Windows  98/Me/NT/2000/XP 


^Network  Instruments  RM0N  Probe  H&1E3 


NETWORK 
INSTRUMENTS 


OBSERVER 


PCI  Fa  it  Ethernet  C'EC  21  ’ 


•  Low  cost,  complete  RMON  monitoring  for  remote  sites  or 
segments. 

•  Software- only,  non-dedicated  data  collection. 

•  Pure,  full  RMON  1  and  2  support.  Complete  implementation  of 
both  RMON  1  and  2  for  Ethernet  (10/100)  and  Token  Ring  (4/16). 

Full  adherence  to  RFCs  1513.  1757,  2021  and  2074. 

•  Runs  as  a  service  on  Windows  NT/2000/XP. 

•  Works  with  ANY  RMON  management  console  or  collection  facility 
(Observer  \  OpenView  ,  Concord  ,  NetScout  ,  etc.). 

•  Compatible  with  Network  Instruments'  optimized  ErrorTrack NDIS 
drivers  display  true  errors-by -station. 

•  Multiple  concurrent  network  interface  monitoring  (up  to  10). 

Why  pay  thousands  more  for  the  same  data? 

Call  800-526-7919  for  information,  or  see  our  web  site  at: 

www.networkinstruments.com 

©  2001  Network  Instruments.  LLC  -  Corporate  Headquarters  (952)  932-9899  FAX  (952)  932-9545 
UK  and  Europe  +44  (0)  1959  569880  FAX  +44  (0)  1959  569881  in(o@networkmstruments  com  www.networkinstrumenls  com 
Network  Instruments  and  the  "N"  logo  are  registered  trademarks  of  Network  Instruments.  LLC  Minneapolis.  MN  USA 


Power  Control 


Now  design  flair,  flexibility  and  comfort  into  your 
data  center  with  NOC  Vision  from  SMC.  Modular 
construction,  numerous  configuration  possibilities, 
multiple  tiers,  accents  in  your  company's  colors 
and  many  other  unique  features  compliment  any 
work  environment.  Create  a  command  bridge 
that's  a  perfect  melding  of  function  and  style. 


NDC 

Vision 


Ask  about 
our  Free 
site  survey. 


Total  Solutions  in  hardware  storage, 
monitoring  and  management 

1-800-SMCPLUS  www.smcplus.com 

100  Progress  Parkway,  PO  Box  431,  Conklin,  NY  13748 


■ 

.... 

.  ■  .  •  ..  : 


•S'1'-'*'' 

s  V. a 


Verify  Amps  Used  per  Circuit 
with  Sentry  Input  Current  Monitor 

•  Precisely  measure  the  current,  in  amps, 
for  each  power  circuit 

•  Prevent  overloads  on  existing  power  circuits 

•  Reduce  costs  for  additional  power  circuits 

•  Overcurrent  alarms 

•  Remote  Measurement  via  IP  or  RS-232 

•  Local  Measurement  via  digital  display 
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Sentry  Power  Tower.  Equipment  Cabinet  Solutions. 


Server  Technology;  Inc. 


1040  Sandhill  Drive  Reno,  Nevada  8951 1  USA 
web:  www.servertech.com  toll  free:  1.800.835.1515 


dtSearch 


’Industrial-strength.. 

superb" -pc  m*9**‘™ 


‘Industrial-strength. 


‘Industnal-strength. 
SUperb"-PC  Magacn* 


Instantly  Search 
_  Gigabytes  of  Text 

*  Search  across  networks,  intranets,  and  web  sites 

♦  Publish  large  document  collections  to  web  or  CD/DVD 

Superb . 
of  high- 


"Superb ...  a  multitude 
of  high-end  features" 

—PC  Magazine 

"Very  powerful ...  a  staggering 
number  of  ways  to  search" 
—Windows  Magazine 

"Tremendously  powerful  and 
capable"  —Visual  Developer 


"Intuitive  and  austere ...  a 
superb  search  tool"  —PC  World 

"A  powerful  text  mining 
engine ...  effective  because 
of  the  level  of  intelligence 
it  displays"  —PC  Al 

"Searches  at  blazing  speeds" 
—Computer  Reseller  News 
Test  Center 


In  the  past  year  alone,  over 
half  of  the  current  Fortune  10 
have  purchased  developer  or 
network  licenses. 


Features: 

♦over  two  dozen  indexed,  unindexed, 
fielded  and  full-text  search  options 

♦  highlights  hits  in  HTML  and  PDF 
while  displaying  embedded 
links,  formatting 
andfrnrrra 

♦  converts  other  file 
types— word 
processor,  database, 
spreadsheet,  email,  ZIP, 

XML,  Unicode,  etc.— to 
HTML  for  display  with 
highlighted  hits 

♦  developer  products  have  easy 
wizard-based  setup:  optional  API 

See  www.dtsearch.com  for: 

♦  developer  case  studies 

♦  fully-tunctional  evaluations 

1-800-IT-FINDS 

sales@dtsearch.com 


Magazine 


superb 
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superb 


Desktop 

♦  Si  99 


Network 

&from  S800 


The  Smart  Choice  for 
Text  Retrieval  since  1991 


Contact  these  companies  today  to  help  you  with  your  training  needs! 

MeasureUp 

(678)  356-5000 
|  www.measureup.com 
Certification  Practice 
I  Tests 


Transcender 

(615)  726-8779 
I  www.transcender.com 
Award-winning  practice  exams 
for  IT  certification 


|  WKMN  Training 

(415)  586-1713 
I  www.wkmn.com/wireless 
Comprehensive  introduction  to 
I  wireless  networking. 


George  Washington  Univ 

(202)  973-1175 
|  www.cpd.gwn.edu 
Oracle  MCSE  Network  Security 
UNIX/LINUX  1-Net  VT3.Net  XML 


CBT  Nuggets,  Inc. 

(541)  284-5522 
|  www.cbtnuggets.com 
IT  Certification  Videos 
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The  Hub  of  the  Network  Buy 


i |  We  Buy  &  Sell 

w 


Overnight  Delivery 
90-ciay  Guarantee 
F ree  Tech  Support 

FREE  Gift 
With  Every 
Purchase 


Cisco 

18008613787 


Specials  of  the  week: 

Cisco  2611 

$750 

Cisco  PA-MC-2T1 

$550 

Cisco  WS-C2916M-XL-EN 

$295 

CALL  US  FOR  FREE  QUOTE!! 

OvernightNetworks,  Anaheim,  CA  92840 


Joimponents; 

11  ",  .J  Inctwork  hardware 


IT  Hardware  for  Less 


New  Overstock 

Open  Box 
Pre-Owned 
Discontinued 


We  Buy  &  Sell 

USED 

CISCO 

Juniper 

Extreme 

800.45t.3407 


WE  BUY  USED  CISCO 
8  SURPLUS  EQUIPMENT 

MBE  Certified -Woman  Owned 

1 1904  South  La  Cienega  Blvd,  Hawthorne,  CA  90250 
Tel  310  643.6021  •  Fax  310  643.6041  •  www.jecom.com 


Since  1985 

50-90%  Savings 
Fully  Guaranteed 
Overnight  Delivery 

networkhardware.com 


FIBEROPTIC 

SOLUTIONS 


•  T1/E1&T3/E3  Modems 

•  RS-232/422/485  Modems  and 
Multiplexers 

•  IBM  3270  Coax.  AS400  Twinax,  and 
RS6000  Modems  and  Multiplexers 

•  LAN  -  Arcnet'T  themetToken  Ring 

•  Video/Audio/Hubs/Repeaters 

•  ISO-9001 

siTECH 

Toll  Free  866-SITech-l 
630-761-3640.  Fax  630-761-3644 
www.sitcch-bitdriver.com 
www.silcchfibcr.cora 


WRC 


NEW 


NET 

ST  USED 


AUTHORIZED  RESELLER 
Access/Routers/Switches 
Cisco  Livingston  Ascend 
3Com  US  Robotics  Kentrox 
Adtran  BayNetworks  Xyplex 
Computone  Digital  Link 
Modems  /  DSU  /  Muxes 
IBM  UDS  Codex  Hayes  GDC 
Micom  Microcom  Paradyne 
ATT  MultiTech  Penril 
Racal  Telebit  Zoom 


WE  BUY  AND  SELL 
www.wrca.net 
800-699-9722 


Smartronix 

Network 
Test  Tool 


a 


PDA  Based! 


s699 


10/100  Ethernet  LAN  Tester 

Design  Engineers: 

Evaluate  &  test  new 
equipment  under 
development 
Network  Engineers: 

Determine  faulty 
NIC  cards,  wiring,  & 
network  equipment 


(FREE  Palm  ml05 
included) 


►  Displays  network  utilization,  packets 
&  statistics 

►  Captures  &  generates  various  error 
packets 

►  Network  load  testing  function 

►  Full  auto  negotiation  &  DHCP  ready 


Toll  Free  1-866-442-7767 
www.smartronix.com/products 


COMPLETE 

Catse  Kit 

EACH  KIT  INCLUDES: 

i-ioooft  Box  of  Catse  Cable 
100-RJ-4S  Connectors 
l-Crimper  Tool 


•  In  Stock  &  Ready  to  Ship 

•  No  Freight  Upcharges 

•  No  Handling  Fees 

•  7  Year  Warranty 

•  $700  minimum  order 

760-639-4500  www.evertek.com 


CISCO  NORTEL 

NEW  •  REFURB  /  BUY  •  SELL 


Truckload 

Cm^rsrm  M 

NORTEL 

NETWORKS 

3IW  -  ^  Bay  Networks^ 

Fax  Equipment  List  To  801-377-0078 


888-8LANWAN  Sag 

Call  for  Free  Quote!  (888-852~6926)  www.nle.com 


For  More  information 
on  ads/ertfrin,?  In 
Wetworfc  Worlds  Marketplace 
—  contact;  Ef)ku  Gufcale* 
|fc|0Q-622-1 1 08  ext.  6*f65, 
fe  e^o  tale©  nww.coM 


Call  Direct  Response  Advertising 
1-800-622-1 108 


C.t%tQ  itUQO , 

WeabtrafSfgn.'and  leaSte 

new  and  refurbished  networking  equipment, 
»  with  the  best  value  and  service  anywhere. 


order  now:  310-416-1200 


or  visit 

www.ContiComp.com 


Make  the  Smart  Choice, 
Trust  the  Experts 


We  Specialize  In... 

Cisco  Systems 


jtfmtinental 


COMPUTERS  Sine*  1984 


Authorized 
Reseller 

These  logos  are  a  trademark  of  lhe»r  respective  companies  and  service* 


OptimumDatalnc. 


toll  free  800  879  8795 
ph:  + 1  402  575  3000 
fax:  + 1  402  575  20 1 1 


www.optimumdata.com 


Extreme  Networks 


ADTRAN  •  Sun 


in_JMi 

See  the  entire  Generation 
3.0  collection  at: 

BRETTS 

Luggage.  Leather  goods. 
Gifts  Pens.  Clocks. 
Lighters.  Games 


www.suitcase.com 


For  more  information  on  advertisings 
in  the  Marketplace, 

STOP  everything,  and  call  now! 
800-622-1108  ext.6465 
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Network  Products  &  Services  with 
Network  World’s  Marketplace  Call  800-622-1108  ext.  6507 


careers.com 


IT  CAREERS 


ffi  careers  < 

w  ■ 


GIS  Software  Quality  Control 
Specialists  (Atlanta,  GA  & 
Jacksonville,  FL):  GIS  Software 
test  planning  and  preparation. 
Generate  test  cases  and  scripts 
using  geographically  referenced 
data,  report  and  coordinate  test 
activities,  execute  test  scripts, 
record  results  in  a  defect  track¬ 
ing  pool  and  implement  sound 
QA  testing  practices  using 
GNIS.  LODE  data,  GE  Small 
World,  Framme,  Microstation  & 
Autocad.  Communicate  and 
resolve  QA  issues  with 
Programmers  and  Developers. 
Develop  &  initiate  quality  stan¬ 
dards  for  new  software  tools  to 
implement  new  versions  of  GIS. 
2  years  exp.  in  job  offered 
required  Think  Resources,  Inc., 
280  Technology  Parkway, 
Norcross,  GA  30092  No  phone 
calls  please.  EOE. 


You  can 
find  a 


better 


JOB 


I  with  one 
hand  tied 


behind 


your  back. 


Just  point  your 
mouse  to  the 
world’s  best 
IT  careers  site. 


Brought  to 
you  by 

Computerworld, 
Info  World  and 
Network  World. 


Find  out  more. 

Call  your 
ITcareers  Sales 
Representative 
or  Nancy  Percival, 
1-800-762-2977 


m  careers.com 


Where  the  best 
get  better 


Senior  Software  Developer 
Consultant  Provide  tech  leader¬ 
ship  for  dsgn  &  dvlpmt  of 
Internet  8  Intranet  applies  using 
MS  tools  &  products;  dvlp  inven¬ 
tory  mgmt  &  e-commerce 
applies  for  B2B  envrmt;  eval 
user  requests,  analyze  current 
operational  procedures,  identify 
probs.  learn  specific  input/output 
reqmts  &  clarify  prgm  objectives; 
formulate  &  implmt  plans  to  dvlp 
&  deploy  applies  for  internal  use 
&  sales  to  customers;  &  provide 
structured  analysis  &  dsgn  of 
project  specs  for  coding  in  comp 
lang.  BS  in  Comp  Sci  or  engg  or 
related  field  +4  yrs  exp  in  job 
offd  or  as  Prgmr/Analyst  or  simi¬ 
lar  duties  under  different  job  title. 
Exp  to  ind  Unix,  Unix  CVS,  MS- 
DOS,  Win  NT  4.0.  Oracle  7.X/8.0 
&  Oracle  Reports,  SQL  Server, 
COM  &  HTML.  Must  be  certified 
in  MS  VB,  Oracle  Prgmg,  & 
Active  Server  Pages  Prgmg. 
40hrs/wk,  $48K/yr.  Must  have 
proof  of  legal  auth  to  work  in  US. 
Send  resume  to  IA  Workforce 
Center,  215  Watson  Powell  Jr. 
Way,  Ste  51,  Des  Moines,  IA 
50309-1727.  Please  refer  to  Job 
Order  IA1 101678.  Employer 
paid  ad. 


Positions  are  available  for 
Software  Development  Engineer 
II  in  Atlanta  with  a  technology 
solutions  company.  The  compa¬ 
ny  architects  and  designs  next 
generation  software  for  point-of- 
sale  and  Internet  systems  in  the 
retail  industry  including  enter¬ 
tainment,  petroleum  with  conve¬ 
nience  or  food  stores,  and 
restaurants. 


The  Software  Development 
Engineer  II  is  primarily  responsi¬ 
ble  for  developing  financial 
reporting  software  for  major  sub¬ 
systems  or  sets  of  applications. 
Specific  responsibilities  include 
analyzing,  programming,  debug¬ 
ging,  &  modifying  computer  pro¬ 
grams  for  end  user  applications. 


Candidates  for  these  positions 
should  possess  a  Bachelor's 
degree  in  Computer  Science  or 
a  related  field  and  at  least  two 
years'  experience  in  a  point-of- 
sale  retail  environment  including 
software  documentation,  utilities 
and  job  control  languages 
including  SQL,  data  modeling, 
OO  design,  and  Visual  Basic. 
Apply  with  resume  by  mail  to: 


Christie  LoCurto 
Radiant  Systems,  Inc. 
3925  Brookside  Parkway 
Alpharetta,  Georgia  30022 


Developer:  2  yrs  exp  w / 
CCOM.DCOM  &  back 
end  MS  SQL  Server 
Relational  Database  De¬ 
sign  &  Implementation 
Enterprise  Integration 
Application  Tools  &  prior 
exp.  w /  financial  apps 
req'd.  Submit  resume  to 
Dara  Ambrose  Judge 
Technical  Services  1800 
Diagonal  Rd.  Suite  250, 
Alexandria,  VA  22314 


Software  Engineer  wanted  by 
medical  software  developer  to 
perform  research,  design, 
coding  and  testing  of  medical 
software  applications  using 
Java  programming  language, 
Enterprise  Java  Beans,  with 
Oracle  and  Weblogic  applica¬ 
tion  server.  Bach.  in 
Computer  Engineering  req¬ 
uired.  Send  resume  to  Hamid 
Amjadi  of  Prime  Clinical 
Systems  at  3675  E. 
Huntington  Dr.  Ste.  A, 
Pasadena,  CA  91107. 


CB0E 


tniuMiu  »o*nu  ur  t  mna  r  Aornnur 


As  the  world's  largest  Options 
Exchange,  the  Chicago  Board 
Options  Exchange  (CBOE), 
we  rely  on  the  latest  tools  and 
technology  to  maintain  market 
leadership  in  the  options 
industry.  Our  Systems  depart¬ 
ment  plays  an  integral  role  in 
ensuring  that  our  growth  con¬ 
tinues.  We  currently  have  the 
following  opportunities: 


•  Engineer 

(job  id#:  MGCW/309383) 

•  Sr.  Programmer  Analyst 
(job  id#:  MGCW/308482) 

•  Programmer  Analyst 
(job  id#:  MGCW/301680) 


As  part  of  the  CBOE,  you  will 
enjoy  a  competitive  salary  and 
excellent  benefits  For  further 
consideration,  please  e-mail 
your  resume  to: 
cboe@hiresystems.com.  To 
ensure  appropriate  routing  of 
your  resume,  please  refer¬ 
ence  the  above  job  id#  in  the 
subject  line  of  your  e-mail. 
For  further  information  regard¬ 
ing  these  opportunities  as  well 
as  other  opportunities,  please 
visit  our  website  at 
http://www.cboe.com.  CBOE 
is  an  equal  opportunity 
employer  M/F/D/V. 


InfoGroup  NW  seeks  CSA  for  HQ 
office  in  Eugene,  OR.  DESC: 
Anlyz.  existing  info.  sys.  &  user 
reqs.  Specify,  order,  install,  &  cus¬ 
tomize  hardware  &  s/w  for  corp. 
web  based  customer  service  & 
tech,  support  site  util.  IRM, 
Tracker,  OpenView.  Dsgn,  dev,  & 
impl.  RDBMS  &  web  apps.  util. 
PHP,  MySQL,  PostgreSQL,  SQL 
Server,  Clearcase,  JavaScript, 
EJB,  JDBC/ODBC,  JBoss,  XML, 
Perl,  ASP,  &  shell  script  on  Unix  & 
Win  o/s.  Build  &  test  web  &  app. 
servers  &  install  o/s,  bundled  s/w 
packages.  REQ:  BS  in  Engr,  CS, 
or  rel.  field  of  study  +  1  yr.  exp. 
dsgn,  dev,  &  impl.  RDBMS  &  rel. 
web  apps  util.  IRM,  MySQL,  PHP, 
Clearcase,  PostgreSQL,  EJB, 
JBoss.  SQL  Server  on  Unix  &  Win 
plats.  Prem.  sal.  +  benes.  Pis. 
reply  to  S.  Rexius,  Job#IG-101, 
2225  Coburg  RD,  Eugene,  OR 
97401. 


CLIENT-SERVER  APPS  ANA¬ 
LYSTS.  provide  tech  support  for 
claims  and/or  financial  systems 
and  seamless  integration  with 
other  in-house  systems. 
Implement  functions  incl.  opera¬ 
tion  setup,  conversion,  migra¬ 
tion,  etc.  Perform  data  ware¬ 
housing  &  mining.  Bachelor's 
degree  in  Comp  Sci,  Comp 
Eng'g  or  related,  plus  2  yrs  exp. 
as  programmer,  software  eng’r, 
sys  analyst  or  related  is  accept¬ 
able.  Applicant  must  have 
knowledge/experience  of  SQL 
data  base  and  Crystal  reports, 
MS  operating  system  2000  & 
Visual  Studio  Suite  of  products. 
Proof  of  U  S.  Work  auth  req'd. 
Resumes  to:  L.  Cannady/Motion 
Pic.  Indus.  Pension  &  Health 
Plans,  11365  Ventura  Blvd, 
Studio  City,  CA  91604.  No  calls 
please. 


Database  Administrator 
wanted  by  Digital  Mktg 
Agency  in  CT.  Create 
database  design  &  mod¬ 
eling;  maintain  production 
&  dvlpmnt  database  envi- 
ro;  resolve  database 
problems;  assist  in  dvlpm¬ 
nt  of  tech  design  docs. 
2yrs  exp  in  job  offered 
req.  Respond  to:  HR 
Mngr/EURO,  372 

Danbury  Rd,  Ste  100,  CT 
06897. 


Product  Manager,  Commercial 
GE  Network  Solutions,  a  major 
designer  and  developer  of  geo¬ 
graphic  information  systems 
software  for  the  telecommunica¬ 
tions  industry  has  an  opening  in 
its  Englewood,  Colorado,  office 
for  a  Commercial  Product 
Manager  who  will  develop  new 
product  initiatives  and  product 
collateral  for  GIS  software;  as 
well  as  develop  marketing  and 
business  strategies  and  material 
for  technical  solutions,  sales  and 
service  for  customers.  The  prod¬ 
uct  manager  will  also  represent 
GENS  to  industry  organizations; 
review  proposals  for  GIS  prod¬ 
ucts;  and  complete  risk  assess¬ 
ment,  orders  forecasting  and 
operating  margin  determination 
for  product  contracts.  Additional 
responsibilities  include  resear¬ 
ching  industry-wide  technical 
advances  and  market  financial 
trends;  managing  relationships 
with  external  partners;  and 
preparing  proposals  for  software 
licenses  and  contracts. 


Qualified  applicants  will  have  a 
minimum  of  six  years  experi¬ 
ence  developing  geographic 
information  systems  software  for 
the  telecommunications  indus¬ 
try. 

Applicants  should  send  resumes 
to  Kristin  Gillen,  GE  Network 
Solutions,  5600  Greenwood 
Plaza  Blvd.,  Suite  300, 
Englewood,  CO  80111, 
Applications  will  be  accepted  via 
mail  only,  not  by  fax  or  email; 
please  reference  job  number 
R2154SC. 


Lead  Oracle/Internet  Developer 
sought  by  pharmaceutical  R&D 
Co.  in  Princeton,  NJ.  Candidate 
must  have  a  Master's  degree  or 
equiv  in  Comp  Sci  &  at  least  5 
yrs  of  exp  in  IT,  specifically  appli¬ 
cations  development.  The  fol¬ 
lowing  skills  are  required:  1  + 
years  in  pharmaceutical  indus¬ 
try;  exp  w/business  develop¬ 
ment  environment  and  Strategic 
Intelligence  function;  min.  3  yrs. 
exp  in  web  development  using 
Java/JSP/Servlets/Oracle  (ver¬ 
sions  7-9i,  Oracle  Application 
Server  9iAS);  Oracle  DBA  certi¬ 
fication;  exp  w/  Documentum, 
WDK  4.2.4;  Documentum  Web 
Development  Kit;  exp  w/  data 
modeling  using  ERWIN  &  Visio; 
exp  in  full  life  cycle  software 
development  of  IT  projects  & 
applications  including  design, 
development,  testing  and  deliv¬ 
ery.  Ability  to  lead  a  small  team; 
manage  vendor  responsibilities 
on  projects;  possess  excellent 
verbal/written  communication 
skills  in  order  to  provide  techni¬ 
cal  options  to  business  users. 
Send  resume  to:  Strategic 
Staffing.  BMS,  M/S  E14-12, 
Route  206  &  Provinceline  Road, 
Princeton,  NJ  08540  Job  Code: 
NS-788. 


Sr.  Programmer  Analyst  for 
requirements  analysis,  design, 
test,  integrate,  evaluate  web 
based  object  oriented  applica¬ 
tions  using  MVC,  J2EE  & 
Websphere  studio.  Software 
engineering  using  Rational  uni¬ 
fied  Process;  build  Java  applns., 
web  services  using  HTTPS  & 
SOAP;  design  mail  agents  using 
MQ  Series,  JavaMail,  JMS, 
Oracle9l  &  Websphere.  Provide 
tech,  supp.,  PM,  &  troubleshoot¬ 
ing;  monitor  performance  using 
jProbe;  debug  &  maintain  exist¬ 
ing  applns.  Write  specs.,  docu¬ 
mentation  &  programs  for  soft¬ 
ware  applns.  in  wide  range  of 
networking  environments. 
Requires  MS  in  Computer 
Science  +  1  yr.  of  exp.  in 
Software  Develop.  Competitive 
salary.  Apply  to  Software 
Superheroes,  LLC,  4867 
Ashford  Dunwoody  Road, 
#5003,  Dunwoody,  GA  30338 
with  proof  of  permanent  work 
authorization  in  US. 


Bl  Web  Developer 
SchlumbergerSema  seeks  a  Bl 
Web  Developer  for  our  office  in 
Raleigh,  North  Carolina  to  par¬ 
ticipate  in  the  development  and 
support  of  B2C  and  B2B  appli¬ 
cations  within  a  fast  paced  envi¬ 
ronment.  As  a  member  of  the 
Enterprise  Intelligence  Team, 
your  responsibilities  will  include 
support  and  development  using 
Vignette  Content  Management 
Server,  Tool  Command 
Language  (TCL),  Flash, 
Photoshop  6,  Crystal  Reports 
and  Microsoft  technologies  (VB, 
ASP,  Commerce  Server  2000, 
SQL  Server  2000).  Additional 
duties  include  support  of  Movex 
ERP  system  and  web  front  end 
support,  PMX  Core  (e-com- 
merce  engine),  WebTrends 
Developers  Kit,  Cognos  Product 
Suite  (Impromptu  Web  Reports, 
Powerplay  Enterprise  Server, 
Cognos  Query),  and  application 
debugging  and  testing. 
Requires:  Bachelor's  Degree  in 
Computer  Science,  Computer 
Engineering,  Mathematics  or  a 
related  field,  and  two  years  of 
experience  in  support  and 
development  of  Vignette 
Content  Management  Server. 
Tool  Command  Language 
(TCL),  Flash,  Crystal  Reports 
and  Microsoft  technologies. 
Please  send  resume  to: 
SchlumbergerSema.  Attn: 
Personnel  Dept.  #SS/001, 
30000  Mill  Creek  Ave.,  Suite 
100,  Alpharetta,  GA  30022. 
E.O.E. 


COMPUTER  PROFESSIONALS 
Opportunities  for: 


WEB  ARCHITECTS/ 
DEVELOPERS 
SYSTEMS  ANALYSTS 
WEB  GRAPHIC  DESIGNERS 
NETWORK  ENGINEERS 
PROGRAMMER/ANALYSTS 
SOFTWARE  ENGINEERS 


SKILLS: 


•  COLD  FUSION  •  SPECTRA 

•  ORACLE  •  VISUAL  BASIC 

•  VISUAL  C++  •  SIEBEL  •  ASP 

•  COM,  DCOM  •  JSP  •  HTML 

•  JAVA,  JAVA  BEAN  •  EJB  JAVA 
SERVLETS  •  WEBSPHERE 

•  IBM  MQ  SERIES  •  XML.UML 

•  MTS  •  CLARIFY  •  PERL 

•  OBJECTPERL  •  SPYPERL 

•  SMALLTALK  •  PL/SQL 

•  VISUAL  AGE  •  COBOL.  SPL. 
UNIX 


Visit  our  website  @ 
www.computerhorizons.com 


Attractive  salaries  and  benefits. 
Please  forward  your  resume  to: 
H  R.  Mgr.,  Computer  Horizons 
Corp.,  49  Old  Bloomfield 
Avenue,  Mountain  Lakes,  New 
Jersey  07046-1495.  Call  973- 
299-4000.  E-mail:  jobs@ 
computerhorizons.com.  An 
Equal  Opportunity  Employer  M/F. 


Senior  IT  Consultant  -  Atlanta, 
GA.  Plan  &  direct  implementa¬ 
tion  &  customization  of  ERP 
(Enterprise  Resource  Planning) 
systms  to  fit  clients'  business 
needs.  Consult  w/managerial  & 
systms  analyst  personnel  to 
clarify  needs,  identify  problems, 
suggest  changes,  &  determine 
extent  of  prgmg  &  coding  reqd. 
Manage  IT  personnel  in  dvlpg, 
maintaining,  improving  &  sup¬ 
porting  ERP  s/ware  implementa¬ 
tion  projects.  Modifies  proce¬ 
dures  to  increase  efficiency  &/or 
adapt  to  new  reqmts  using  ERP 
systms.  Supv  overall  dvlpmt  of 
prgms.  Supv  &  train  subordi¬ 
nates  in  ERP  systms  dvlpmt. 
Proposes  ERP  systms  to  clients 
in  achieving  bus  solutions.  BS  in 
Comp  Sci  or  Engg  (or  foreign 
equiv)  &  5  yrs  exp  in  ERP 
systms  dvlpmt,  incl  2  yrs  project 
mgmt  exp.  $75K.  Resumes  to: 
Vedic  Group,  H.R.,  14202 

Parkview  Lane,  Alpharetta,  GA 
30005. 
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ds  on  test  results  and  research  recently  completed  by  Miercom  reveals 
innovative  features,  but  good  management  is  still  lacking  on  some  products.  This 
me  report  includes  comprehensive  information  on  23  IP-PBX’s  from  15  vendors. 


BI/B2B  Data  Architect 
SchlumbergerSema  seeks  a 
BI/B2B  Data  Architect  for  our 
office  in  Raleigh,  North  Carolina 
to  participate  in  the  develop¬ 
ment  and  support  of  various 
applications  within  a  fast-paced 
environment.  As  a  member  of 
the  Enterprise  Intelligence 
Team,  you  will  be  involved  with 
development  efforts  for  internal, 
B2B  and  Bl  applications  that  are 
conducted  using  Microsoft  tech¬ 
nologies  (ASP,  VB,  C++, 
BizTalk)  and  the  Cognos 
Product  Suite  (Impromptu  Web 
Reports,  Powerplay  Enterprise 
Server,  Cognos  Query).  You  will 
also  provide  support  for  the  fol¬ 
lowing  applications:  Kronos 
Timekeeping  System,  Humanic 
Human  Resources  Information 
System.  RDBMS  (Oracle  8  17 
and  SQL  Server)  and  the 
Cognos  Product  Suite. 
Additional  duties  include  support 
of  Movex  Business  Process 
Warehouse  (BPW),  software 
process  design,  programming, 
debugging  and  testing. 
Requires:  Bachelor's  Degree  in 
Computer  Science,  Computer 
Engineering,  Electronic 

Engineering.  Mathematics  or  a 
related  field  and  two  years  of 
experience  in  support  and 
development  of  the  Kronos 
Timekeeping  System,  Humanic 
Human  Resources  Information 
System,  the  Cognos  Product 
Suite  and  RDBMS 
Administration  (Oracle  and  SQL 
Server).  Please  send  resume  to: 
SchlumbergerSema,  Attn: 
Personnel  Dept.  #SS/002, 
30000  Mill  Creek  Ave.,  Suite 
100,  Alpharetta,  GA  30022. 
E.O.E. 


Business  Systems  Leader 


Temecula,  C.A.  Must  be  a  sea¬ 
soned  professional  who  will  man¬ 
age  projects  working  w/teams  that 
may  include  members  of  program¬ 
ming  staff  &  end-users.  Interpret 
bus  end-user  needs  for  all  compo¬ 
nents  of  HR/Payroll  area  &  trans¬ 
late  into  business  sys.  solutions 
through  configuration  of  SAP  R/3 
HR/Payroll  Module,  dev.  Proto¬ 
types,  test  plans  for  modified  con¬ 
figuration/software  &  provide  test¬ 
ing  w/end-users  to  ensure  solution 
integrity.  Responsible  for  sys.  secu¬ 
rity  &  upgrades  w/HR/Payroll  mod¬ 
ule.  Support  all  SAP  R/3  technical 
needs  associated  with  HR  &  Payroll 
functional  area  as  member  of  the 
MIS  Dept.,  eval.  HR/payroll  busi¬ 
ness  probs.,  identify/specify  appli¬ 
cation  &/or  sys  reqs  ,  eval.  vendor 
packages  &  implement  req.  soft¬ 
ware.  Provide  support/train  on  soft¬ 
ware,  basic  hardware  &  bus.  Solu¬ 
tion  questions  for  end-users.  Assist 
development  of  more  complex  SAP 
R/3  repots  &  data  interface  w/ven- 
dor  for  HR/Payroll  area.  Prepare 
training  materials  &  documentation 
of  sys.  changes,  configurations,  up¬ 
grades  &  enhancements  to  enable 
overall  training.  Bachelor's  Degree 
in  MIS  (or  foreign  equiv),  2  yrs  IT 
exp.  &  2  yrs  exp.,  which  may  have 
been  gained  concurrently,  on  SAP 
R/3  HR/Payroll  configuration  as 
Systems  Analyst/Programmer  Ana¬ 
lyst.  Resumes  to  (no  calls):  M. 
Hansen.  Hudson  RCI,  27711  Diaz 
Rd,  PO  Box  9020,  Temecula,  CA 
92589-9020 


Computers-Database  Adminis¬ 
trators  needed.  Seeking  qual. 
candidates  possessing  MS  or 
equiv.  and/or  rel.  work  exp.  Part 
of  the  required  rel.  exp.  must 
include  1  yr.  working  with  data¬ 
base  administration  &  Enterprise 
Manager  Work  with  3  of  the  fol¬ 
lowing:  Enterprise  Manager.  Or¬ 
acle,  PL/SQL  procedures,  Del¬ 
phi,  C,  Crystal  Reports,  Quick 
Reports,  Universal  Installer, 
SQL  Navigator.  OCP  certifica¬ 
tion  is  a  plus.  Fwd.  resume  &  ref. 
to  Applied  Econometrics,  Inc., 
Attn:  HR,  100  University  Dnve, 
Amherst,  MA  01002. 
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your  copy  today:  Go  to  http://nwwl.com/go/ad384.html 
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Remedy  Applications 
Engineer  /  System 
Administrator  req’d 
for  CT  telecom  co. 
Must  have  M.S.  or 
equiv’t  +  3  yrs.  exp. 
NO  TELEPHONE 
CALLS  Please.  Send 
Resume  to:  attn.  Jim 
Florwick  Globalcom 
LLC,  P.O.  605, Old 
Greenwich, CT.06870 


LAN  NETWORK  &  DATA¬ 
BASE  ADMINISTRATION  - 
Maintain  all  comp,  networks 
&  databases.  Req'd:  MS 
in  CS/rel'd  field.  &  1  yr.  exp. 
as  network  &/or  database 
admin.  Exp.  w /  MS  Access 
&  Oracle:  AutoCAD,  UNIX, 
Visual  Basic,  and  PL/SQL. 
Exp.  w /  network/database 
admin,  for  eng'g  firms. 
Send  resumes  to  Hirani 
Engineering,  47  Mineola 
Blvd,  Mineola,  NY  11501. 
Attn:  J.  Hirani. 


Infomerica  is  looking  for  sys¬ 
tem/programmer  analysts,  soft¬ 
ware/project  engineers  &  com¬ 
puter  consultants.  Candidates 
must  have  BS  with  some  exp.  in 
IT  fields.  Skills  of  Oracle, 
Informix,  Java,  SQL,  VB,  Web 
technology  preferred  Send 
resumes  to  info@infomeri- 
cainc.com.  EOE. 

CDI  is  a  multinational  company 
with  branch  offices  all  over  US. 
We  have  openings  for  various 
levels  IT  professionals. 
Applicants  must  have  degree 
and  experience  in  the  IT  field. 
Travel  maybe  required.  Please 
visit  www.cdicorp.com  for  vari¬ 
ous  positions  &  submit  resumes. 
EOE 


Senior  Systems  Analyst:  Lead 
workgroup  for  project  team  to 
support  existing  systems  and 
large  projects.  Support  and 
develop  systems  in  mainframe, 
client-server,  mid  range, 
PC/LAN  or  PC  Stand  Alone. 
Budget  and  project  costs  to  IT 
Mgmt.  Perform  need  based  spe¬ 
cial  assignments.  Bachelors 
Degree  with  relevant  experience 
or  substantial  relevant  experi¬ 
ence.  Resume  to:  HR,  Carlson 
Wagonlit  Travel.  3200  North 
Central  Avenue,  Suite  400, 
Phoenix.  Arizona  85012. 


DATA  MANAGEMENT  ASSOCI¬ 
ATE  (DATABASE  DEVELOPER) 
sought  by  pharmaceutical  research 
and  development  company  in 
Wallingford,  CT.  Candidate  must 
have  a  minimum  of  a  Bachelor  of 
Science  degree  in  Applied  Mathe¬ 
matics.  Statistics  or  Computer  Sci¬ 
ence  (with  coursework  in  applied 
mathematics  or  statistics).  Know¬ 
ledge  of  data  management  and 
process  data  collection  and  evalua¬ 
tion  a  plus  Strong  leadership  and 
communication  skills  required. 
Send  resumes  to:  Strategic  Staffing 
Specialist,  Job  Code  TN-684. 
Bnstol  Myers  Squibb  Co  .  PO  Box 
4000.  Mail  Stop  E14-12,  Pnnceton. 

NJ  08540. 

i 


Mngmnt  Systms  Anlyst:  Admin, 
maintn.  dsgn.  dvlp,  code.  test, 
instil.  &  implmnt  IT  applctns  w / 
Active  Serv  Pages.  IIS.  MTS.  VB 
Scrpt.  Active  X  DLL.  Win  32,  VB 
API,  ADO  2.5.  COM,  C,  Crystl 
Rprts  Writer.  Visual  Interdev  & 
SQL  Servr  in  Win  envmmnts. 
Detrmn  h/ware,  s/ware  &  instlltn 
options.  Config  &  admin  the 
server.  Eval,  mang  &  monitor 
d/bases.  Dsgn  &  test  new  tech 
envmmnts.  Integ  s/ware  mngm¬ 
nt  systms.  Req.  Bach  or  equiv  in 
Comp  Sci,  Mngmnt.  Buss  Admin 
or  equiv  &  2  yrs  exp.  HR  Mngr, 
Sky  Bird  Trvls  &  Tours.  26500 
NW  Hghwy,  #260,  Southfld.  Ml 
48076.  Fax:  248-372-4810 
(Code  #  ITN02) 


F/T  Computer  Systems  Adminis¬ 
trator.  To  manage  information 
system  activities  and  design 
POS  systems  using  Visual  Ba¬ 
sic,  Microsoft  SQL  Server  2000 
&  7.0,  MS  FrontPage,  Access 
2000,  and  Vb  Script.  Must  have 
4  yrs.  of  exp.  Must  have  Bach¬ 
elor's  degree  or  foreign  degree 
equivalent  in  Software  Engineer¬ 
ing.  Course  work  must  have 
included  Computer  Architecture 
&  Microprocessor  courses.  Sal¬ 
ary:  Competitive.  Send  resumes 
to:  T.  Ford,  Le  Petit  Bistro,  Inc., 
5600  Roswell  Rd  ,  East  Bldg., 
Ste  250,  Atlanta,  GA  30342.  No 
Calls  Please. 


Solutions  Analysts  wanted  by 
IT  comp  in  NYC  to  analyze/ 
design/develop  workflow 
mgmt  systems,  carry  out 
release/debug/quality  assur¬ 
ance  processes  &  automate 
regression/business  tests/ 
build  processes  for  Benefit, 
Workflow  and  Equity 
Applications,  PowerBuilder, 
PL/SQL,  Oracle,  DB  Artisan, 
PVCS,  Visual  SourceSafe, 
WinRunner,  PowerGen,  C++, 
OOD,  Visio,  Windows,  UNIX. 
Resumes  to  Vitech  Systems 
Group,  401  Park  AveSouth, 
NY,  NY  10016. 


PROGRAMMER  ANALYSTS: 
Analyze/develop/test/lmplement 
web-based  Info  management 
sys.  on  Windows/Unix  platform 
apply  00  program.tech:  Develop 
appl,  modules  using  C/C++. 
Java  and  PL/SQL:  design  GUI 
screens  and  create  reports/ 
queries  app  to  communicate 
with  Access/Oracle/  Paradox 
database  using  VB,  SQL  and 
Crystal  Reports:  perform  debug¬ 
ging,  troubleshooting  and  user 
support.  Requires  BS  in 
Comp.Sc.,  Engr.,  or  MIS,  plus  6 
mon.  exp.  Full-time  with  compet¬ 
itive  salary.  Apply  to  HR  at 
Three  Rivers  Systems,  Inc.  PO 
Box  4067  St.  Louis,  MO  63006- 
4067 


SBI  is  looking  for  the  following 
positions  for  its  offices  in 
Houston,  TX,  San  Francisco, 
CA,  Warren,  NJ,  Salt  Lake 
City,  UT  and  Portland,  OR: 
Programmer  Analysts.  Tech¬ 
nical  Architects,  Technical 
Consultants,  Business  Strate¬ 
gists,  Systems  Analysts,  Soft¬ 
ware  Engineers,  Art  Director, 
resumes  by  email  or  fax  only 
to  HR,  SBI  2825  East 
Cottonwood  Parkway,  Suite 
480,  Salt  Lake  City,  UT 
84121: 

careers@sbiandcompany.com: 

Fax  (801)733-3201. 


Senior  Network  En¬ 
gineer  req’d  for  CT 
telecom  co.  Must  be 
CCIE  and  have  M.S. 
or  equivalent,  4  yrs. 
Practical  experience 
required.  NO  TELE¬ 
PHONE  CALLS 
Please.  Send  Resu¬ 
me  to:  attn.  Jim 
Florwick  Globalcom 
LLC,  P.O.  605, Old 
Greenwich, CT.06870 


CAD  Potential.  Inc.  seeks  Snr 
Applic.  Engr./Automation  Dev. 
Program  automation  for  Manf 
Process  using  C/C++, 
Unigraphics,  UFUNC  &  GRIP. 
Dev.  E-learning  system  for 
CAD/CAM.  BS/Engr.+5  yrs  rele¬ 
vant  exp.  or  MS/Engr.+3  yrs  rel¬ 
evant  exp.  Also  seek  Progr- 
ammer/Applic.  Dev.  dev+main- 
tain  2-tier&ntier  appl  for  e-com- 
merce+corpo  use.  Using  ASP, 
VBScript,  VB6,  J-Script.  HTML, 
SQLL,  etc.  Mng  &  doc  code 
changes.  BS/Comp  SC  or 
Engr+1  yr  relevant  exp.  Both 
Westminster  job  loc.  Resumes 
to  1490  W121st  Ave.. 
Westminster,  CO  80234,  Attn 
HR. 


SOFTWARE  DEVELOPER, 
for  int'l  freight  fwdg.  Co.  in 
Morristown,  NJ.  Req'd  to  con¬ 
duct  analysis,  dvlpmt  & 
implmt.  of  proprietary  soft¬ 
ware  for  imp/exp  sys.  in 
AS/400  &  S36  programs.  Dvlp 
&  test  new  &  revised  sys. 
Must  have  Bach.  Deg  &  either 
3  yrs  exp  in  job  offd  or  3  yrs 
exp  as  Progr/Anlst.  Must  be 
exp'd  in  Java,  COBOL,  RPG, 
CL  &  OCL.  Send  resumes  to 
Asst.  VP,  IT-CC,  Panalpina, 
Inc.,  1776  On-the-Green/67 
Park  PI.,  Morristown,  NJ 
07960. 


Financial 
Engineer-Must 
have  at  least  MS 
degree;  Employer: 
Pinnacle  West 
Capital 
Corporation; 
Location:  Phoenix. 
Fax  resume  to  C. 
Enslow  at  602- 
250-3007. 


Seeking  qualified  applicants  for 
the  following  positions  in 
Memphis.  TN:  Senior  Prog¬ 
rammer  Analyst.  Formulate/ 
define  functional  requirements 
and  documentation  based  on 
accepted  user  criteria.  Require¬ 
ments:  Bachelor's  degree*  In  com¬ 
puter  science,  MIS,  engineering  or 
related  field  plus  5  years  of  expe¬ 
rience  in  systems/applications 
development.  Experience  with 
UNIX  Shell  programming;  C 
and/or  C++;  and  SQL  also 
required.  ‘Master's  degree  in 
appropriate  field  will  offset  2  years 
of  general  experience.  Submit 
resumes  to  Sibi  George,  FedEx 
Corporate  Services,  1900  Summit 
Tower  Blvd  .  Suite  1400,  Orlando. 
FL  32810.  EOE  M/F/D/V 
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Donna  Pomponi,  Regional  Sales  Manager 
Caitlin  Horgan,  Sales  Assistant 
Internet:  dpomponi,  chorgan@nww.com 
(508)  460-3333/FAX:  (508)  460-1237 


Mid-Atlantic 

Jacqui  DiBianca,  Regional  Sales  Manager 
Marta  Hagan,  Sales  Assistant 
Internet:  jdibian,  mhagan@nww.com 
(610)  971-1530/FAX:  (610)  975-0837 


Midwest 

Eric  Danetz,  Regional  Sales  Manager 
Agata  Joseph,  Sales  Associate 
Internet:  edanetz,  ajoseph@nww.com 
(201)  587-0090/FAX:  (201)  712-9786 


Central 

Dan  Gentile,  Midwest  Regional  Director 
Grade  Vela,  Sales  Assistant 
Internet:  dgentile,  gvela@nww.com 
(512)  249-2200/FAX:  (512)  249-2202 


Northern  California 

'  Sandra  Kupiec,  Associate  Publisher,  Western  Region 
Miles  Dennison,  Regional  Sales  Manager 
SeanWeglage,  Regional  Manager 
Teri  Whitehair,  Office  Manager/Exec.  Asst. 

Berit  Einsiedl,  Sales  Assistant 

Internet:  skupiec,  mdennison,  sweglage,  twhitehair 

beinsiedl@nww.com 

(650)  577-2700/FAX:  (650)  341-6183 


Northwest/Rockies 

Karen  Wilde,  Regional  Sales  Manager 
Lara  Greenberg,  Regional  Sales  Manager 
Berit  Einsiedl,  Sales  Assistant 
Internet:  kwilde,  Igreenberg,  beinsiedl@nww.com 
(650)  577-2700/FAX:  (650)  341-6183 _ 


Southwest 

Becky  Bogart  Randell,  Senior  District  Manager 
Angela  Norton,  Sales  Assistant 
Internet:  brandell,  anorton@nww.com 
(949)  250-3006/FAX:  (949)  833-2857 


Southeast 

Don  Seay,  Regional  Sales  Manager 
Caitlin  Horgan,  Sales  Assistant 
Internet:  dseay,  chorgan@nww.com 
(404)  845-2886/FAX:  (404)  250-1646 

Customer  Access  Group 

1  Tom  Davis,  Assoc.  Publisher  Eastern  Region/General 
Manager,  Customer  Access  Group 
Shaun  Budka,  Director,  Customer  Access  Group 
Kim  Gaffrey,  Sales  Manager,  Western  Region 
Kate  Zinn,  Sales  Manager,  Eastern  Region 
Sharon  Stearns,  Manager,  Client  Services 
Caitlin  Horgan,  Sales  Assistant 
Internet:  tdavis,  sbudka,  kgaffrey,  kzinn,  sstearns, 
chorgan@nww.com 
(508)  460-3333/FAX:  (508)  460-1237 


Fusion 

Alonna  Doucette,  Vice  President  Online  Development 
James  Kalbach,  Director,  Online  Services 
Stephanie  Gutierrez,  Online  Account  Manager 
Debbie  Lovell,  Online  Account  Manager 
Kristin  Douglas,  Online  Operations  Manager 
Internet:  adoucette,  jkalbach,  sgutierrez,  dlovell, 
kdouglas@nww.com 
(610)  341-6025/FAX:  (610)  971-0557 


MARKETPLACE 

Response  Card  Decks/MarkctPlace 

Richard  Black,  Director  of  Marketplace 
Karima  Zannotti,  Senior  Account  Manager 
Enku  Gubaie,  Senior  Account  Manager 
Amie  Gaston,  Account  Manager 
Chris  Gibney,  Sales  Operations  Coordinator 
Internet:  rblack,  kzannott,  egubaie,  agaston, 
cgibney@nww.com 
(508)  460-3333/FAX:  (508)  460-1192 

IT  CAREERS 

Director,  Nancy  Percival,  East  Regional  Manager,  Deanne 
Holzer,  Midwest/West  Regional  Manager,  Laura  Wilkinson, 
Sales/Marketing  Associate,  Joanna  Schumann  (800)  762- 
2977/FA  X:  (508)  375-6310 


■  IDG 

Patrick  J.  Icflmn.  Chairman  of  the  Board 
CEO 


Network  World  is  a  publication  of  IDG.  the  world's  largest 
publisher  of  computer-related  information  and  the  leading 
global  provider  of  information  services  on  information  tech 
nology.  IDG  publishes  over  275  computer  publications  in  75 
countries.  Ninety  million  people  read  one  or  more  IDG  publi¬ 
cations  each  month.  Network  World  contributes  to  the  IDG 
News  Service,  offering  the  latest  on  domestic  and  interna 
tional  computer  news. 
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BackSpin  Mark  Gibbs 
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www.nwfusion.com 


Racing  to  instant  messaging 


s 


o  there  I  was  Googleracing 
with  my  friend  Sandy  and  this 
particular  race  was  more  like  a 
cross-country  marathon  than  a 
sprint.  And  she  pointed  out  that . . . 
pardon?  Oh,  what  is  Googleracing? 

Ah.  Well,  have  you  heard  of  Googlewhacking?  This 
is  a  fabulously  geeky  pastime  wherein  you  try  to  find 
two  English  words  that,  when  typed  into  the  Google 
search  engine,  are  found  on  one,  and  only  one, Web 
page  (the  definitive  site  for  aficionados  is  www. 
googlewhack.com/) . 

Since  then,  other  games  have  emerged  such  a 
Googlisms  (www.googlism.com/),  which  searches 
for  statements  about  people  and  things,  and  Google- 
spolling  (my  name  for  it)  whereby  you  search  for 
pages  with  misspellings  in  the  hope  of  finding  amus¬ 
ing  gaffs.  For  example,  go  to  Google  and  search  for 
physic  readings.  But  I  digress. 

Googleracing  is  yet  another  game  played  with 
Google.The  game  starts  when  two  or  more  people 
are  on  a  telephone  call  when  a  question  comes  up 
that  no  one  knows  the  answer  to. The  Googlerace 
begins  to  find  the  answer  and  the  person  who  finds 
it  first  wins. 

In  the  case  of  the  race  1  had  with  Sandy  we  were 
talking  about  a  business  project,  and  the  conversa¬ 
tion  wandered.  We  wound  up  arguing  over  the  exact 


words  of  the  Saturday  Night  Live  sketch  where  Dan 
Ackroyd,  playing  the  part  of  a  politician  in  a  debate, 
turns  to  his  female  opponent  and  says  “Jane,  you 
ignorant  slut.” 

Turns  out  that  even  with  Google’s  help  finding  the 
script  for  that  show  is  tricky  But  Sandy’s  search  dis¬ 
covered  the  only  two  sites  with  the  complete  text 
(for  example,  www.nwfusion.com,  DocFinder:  4347) 
in  something  like  50  seconds. 

Anyway  where  was  I?  Oh  yes,  so  Sandy  was  in  San 
Francisco  and  she  pointed  out  that  we  should  really 
be  chatting  using  instant  messaging. When  I  first 
came  across  instant  messaging  I  thought  it  was  neat 
but  not  of  much  value  to  business.  At  the  time,  none 
of  my  business  clients  and  colleagues  were  on  it  so 
it  didn’t  seem  too  useful.  How  wrong  was  I?  Very 

It  turns  out  that  quite  a  few  of  my  business  associ¬ 
ates  are  now  using  instant  messaging,  and  it  seems 
that  instant  messaging  is  becoming  a  critical  compo¬ 
nent  of  corporate  communications.There  are  several 
reasons  for  this. 

First,  instant  messaging  is  immediate  and  less  intru¬ 
sive  than  other  messaging  methods.  Second,  instant 
messaging  is  low  impact  —  messaging  products  are 
free  or  low-cost,  the  management  overhead  can  be 
as  low  as  you  like,  and  the  bandwidth  use  is  trivial. 
Third,  it  provides  a  new  dimension  to  communica¬ 
tions  —  the  awareness  of  the  availability  and  status 


of  the  other  members  of  your  team, your  department 
or  even  your  whole  organization. 

Of  course,  in  a  corporate  setting  you  might  want  to 
ensure  (or  require  for  legal  reasons)  strict  control  of 
instant  messaging.  And  because  there  are  lots  of 
related  collaboration  tools  that  don’t  interoperate, 
there’s  also  the  Tower  of  Babel  problem  to  solve  (or 
should  that  have  been  Tower  of  Babble?). 

Products  such  as  Envoke  from  Asynchrony  Solu¬ 
tions  (www.asolutions.com)  are  emerging  to  address 
these  issues. 

Envoke  makes  instant-messaging  systems  secure, 
auditable  bridges  between  different  collaborative 
systems  such  as  CUSeeMe  and  Lotus  SameTime.and 
provides  multiple  client  interfaces:  A  Web  portal,  a 
stand-alone  Java  client,  and  a  Palm  OS  client  for 
wireless  communications. 

An  interesting  extension  to  the  Envoke  system  is  an 
API  that  can  add  computer  service  connections  to 
instant  messaging.  For  example,  a  back-office  data¬ 
base  could  be  queried  interactively  just  like  any 
other  instant-messaging  user. 

This  kind  of  depth  of  service  will  make  instant 
messaging  part  of  your  communications  strategy 
rather  than  the  liability  that  a  user-driven  ad  hoc 
solution  will  be. 

Message  me  instantly  at  backspin@gibbs.com. 


uzz  News,  insights,  opinions  and  oddities 


By  Paul  McNamara 


When  criminals  come  a-callin' 

Listen  to  Kevin  Mandia  describe  the  misery  visited 
upon  his  company’s  clients  by  criminal  hackers  — 
real  criminals,  not  mischief  makers  —  and  you  can’t 
help  but  come  away  shaking  your  head. 

You  also  can’t  help  but  wonder  about  the  business 
ethics  of  some  of  those  clients,  but  I’m  getting  ahead 
of  myself. 

Mandia  is  director  of  computer  forensics  at  Foundstone,  a  security  outfit  that  helps 
big-name  corporate  clients  “prevent,  respond  to  and  resolve  enterprise  security 
issues."  He  told  an  audience  at  last  week’s  CyberCrime  2003  Conference  that  “the 
threat  today  is  worse  than  ever”  and  that  most  criminal  hackers  are  overseas  —  in 
particular,  the  former  Soviet  Union  —  where  they  are  so  immune  from  law  enforce¬ 
ment  that  some  make  no  effort  to  conceal  their  identities. 

Credit  card  numbers  and  hard  goods  are  the  most  sought  after  plunder,  but  an 
increasingly  popular  fall-back  position  has  become  extorting  cash  from  compro¬ 
mised  companies,  or,  as  Mandia  calls  them,  "the  folks  most  loath  to  say  ‘We  have  a 
computer  security  problem.'” 

How  reluctant  are  victims  to  admit  they've  been  had? 

Mandia  told  of  one  company  that  lost  $5  million  worth  of  hardware  to  an  online 
scam,  yet  didn’t  even  confess  the  loss  to  its  board  of  directors.  Another's  IT  depart¬ 
ment  waited  27  days  from  when  an  extortion  e-mail  arrived  to  even  notify  the  com- 
oany's  top  executives. 

Mum’s  the  word,  all  right,  which  isn't  good  news  for  consumers. 

Mandia  recounted  a  case  where  the  victimized  company's  lawyer  suggested  indi- 
ti  notification  of  what  was  believed  to  be  17,000  customers  whose  credit  card 
Lers  had  been  compromised.  When  Mandia  cautioned  that  a  closer  look  at  the 


breach  might  reveal  a  broader  problem  —  perhaps  500,000  lost  numbers  —  and 
necessitate  a  blanket  public  notification,  the  company  rethought  the  matter. 

"I  heard  the  general  counsel  say  the  following  semi-compelling  argument:  He  said 
there  is  nothing  our  clients  could  do  to  prevent  the  identity  theft  [they  might  suffer 
as  a  result  of  the  breach],”  Mandia  said.  “They  aren’t  going  to  change  their  name, 
they  aren’t  going  to  move,  and  they  can’t  change  their  mother's  maiden  name.  So, 
risk  vs.  reward,  we  lose  more  by  telling  them  than  they  could  gain  if  we  tell  them." 

Sure  sounds  like  something  a  lawyer  might  say.  And  they  didn't  tell  anyone. 

"Weeks  later  I  thought  about  it,  and  there  is  something  [a  credit-card  holder]  can 
do,"  Mandia  continued.  “You  can  start  calling  credit  agencies  and  get  reports  and 
find  out  if  there  are  four  new  Visa  cards  in  your  name — They  didn't  consider  that." 

Financial  institutions  are  required  to  report  stolen  credit  card  data  but  your  run-of- 
the-mill  e-commerce  site  is  not,  Mandia  said,  or  at  least  there  are  differences  of 
opinion  as  to  what  the  law  requires. This  leads  to  self-serving  rationalizations  such 
as:  "Until  the  cards  are  used,  let’s  not  report  it  to  anyone." 

As  for  the  extortionists,  they’re  laughing  all  the  way  to  the  bank. 

“They're  extorting  you  with  real  bank  accounts,"  Mandia  said.  “[Their  e-mails  read] 
‘Here  is  my  bank  account.  Please  transfer  the  money  here.'  So  there's  no  real  mys¬ 
tery  as  to  who  is  behind  this.  The  other  weird  way  of  looking  at  this  is  that  once  you 
get  extorted,  that’s  the  good  news:  It  means  they  didn’t  get  credit  card  numbers 
from  you  and  they  can't  fraudulently  purchase  anything  from  you." 

And  there's  even  more  “good"  news:  Extortion  payments  are  negotiable,  according 
to  Mandia.  Companies  are  getting  off  the  hook  for  as  little  as  a  few  hundred  dollars. 
One  extortionist  even  asked,  “What  fee  do  you  think  is  reasonable?" 

Finally,  Mandia  said  about  half  the  cases  he's  privy  to  ended  in  quiet  payments  and 
that  he  hadn't  heard  of  a  single  instance  where  the  extortionist  came  back  for  more. 

Who  said  there’s  no  honor  among  thieves? 

Columnists  don 't  hide  either.  The  address  is  buzz@nww.com. 


Everything 

you  need 
in  a  router 
(at  half 
the  price). 


Introducing  the  NetVanta  3000  Series  from  ADTRAN 


■  Cost-effective  access 
routing  for  branch  office 
connectivity  and 
Internet  access 

■  Recognizable  Command 
Line  Interface  (CLI) 

■  No  retraining  or 
costly  certification 

■  Built-in  stateful 
inspection  firewall 

■  Interoperable  with  other 
standards-based  routers 

■  Optional  PBX  connectivity 

■  Optional  dial 
backup  system 

■  Built-in  DSU/CSU  for 
WAN  termination 

■  Free  24x7  telephone 
technical  support 

■  Optional  extended 
installation  and 
maintenance  program 


This  powerful  new  access  router  from  ADTRAN  is  everything  you 
need  in  a  router,  and  then  some,  at  a  cost  that’s  up  to  55  percent 
less  than  other  brand  name  routers.  This  high-quality,  low-cost 
alternative  features  a  stateful  inspection  firewall,  a  DSU/CSU,  and  a 
familiar  CLI.  Comprehensive  dial  backup  and  PBX  connectivity  are 
available  at  a  minimal  cost.  Interoperable  with  other  standards-based 
routers,  the  NetVanta  3000  Series  fits  seamlessly  into  your  existing 
network.  Backed  by  unlimited  telephone  support  and  a  5-year 
warranty,  the  NetVanta  3000  Series  is  clearly  the  intelligent  choice. 

New  vendor  to  routing?  No  way!  ADTRAN  has  incorporated  its 
router  technology  into  selected  WAN  connectivity  products  for  the 
past  five  years;  with  more  than  75,000  now  installed  in  networks 
around  the  world.  The  NetVanta  3000  Series  is  the  latest  in  a  long 
line  of  market-leading  internetworking  and  connectivity  solutions, 
from  a  company  with  a  17-year  history  of  customer  satisfaction. 

Dare  to  compare  the  new  NetVanta  3000  Series! 

www.  adtran.  com/in  fo/  ?netva  n  ta3000 

877.212.0327  Technical  Questions 

877.280.8416  Where  to  Buy 


Experts  choose  ADTRAN."  Adirad 


Copyright  3: 2003  ADTRAN  Inc.  All  rights  reserved.  ADTRAN  and  NetVanta  are  trademarks  of  ADTRAN,  Inc.  EN42B021703NW 
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WebSphere 


software 


PORTAL 

PLAY 


1  ]  WIN  WITH  PORTALS:  Here.  There.  Everywhere.  With  information 
coming  from  infinite  sources,  a  seamlessly  integrated  portal 
is  crucial  for  both  increased  productivity  and  reduced  costs. 

2]  WIN  WITH  WEBSPHERE:  WebSphere  offers  a  pre-integrated, 
easy-to-implement  portal  solution  complete  with  leading- 
edge  collaboration  from  Lotus,®  content  management  from  DB2® 
and  the  best  in  security  capabilities  from  Tivoli.® 

3]  MAKE  THE  PLAY:  Visit  ibm.com/websphere/portalplay 
for  a  free  portal  kit  with  downloadable  demos  and  testimonials. 


(e)  business  is  the  game.  Play  to  win. " 


MESSAGE 


IBM.  DB2,  Lotus.  Tivoli.  WebSphere,  the  e-business  logo  and  e-business  is  the  game.  Play  to  win  are  registered  trademarks  or  trademarks 
of  International  Business  Machines  Corporation  in  the  United  States  and.br  other  countries  2002  IBM  Corporation  All  rights  reserved 
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